Juniper  tackles  threat  management 

Juniper  is  introducing  software  that  lets  security 
platforms  share  information  that  could  help  cus¬ 
tomers  find  and  fix  network  problems.  Page  12. 


What  was  cool  at  DEMO 

There  were  some  innovative  products  at  last  week's  DEMO. 
Editor  Keith  Shaw  targeted  Avaak's  Vue  Personal  Video 
Network  system  cameras.  Page  20. 
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mainframe? 

Software  that  for  the 
first  time  lets  users 
run  native  copies  of 
Windows  on  a  main¬ 
frame  was  rolled  out 
last  week  by  data 
center  automation 
vendor  Mantissa. 
Page  13. 


Mobile 
browsers 
do  security 
no  favors 


Big-picture  planning 
key  to  SaaS  success 

Companies  also  think  about  ‘exit  strategies’ 


Education  going 
virtual 

The  nation's  kinder¬ 
garten  through  12th 
grade  public  schools 
are  fast  evolving  into 
"virtual  schools" 
where  students  surf 
for  courses.  Page  14. 


Sprint's  comeback 
chances 

Sprint  had  a  rough 
2008,  but  its  WiMAX 
launch  and  incremen¬ 
tal  gains  in  customer 
service  could  help 
fuel  a  turnaround. 
Page  16. 

Upcoming  ITR 

Network  World's  IT 
Roadmap  features  10 
IT  tracks;  vendor 
-gxpo;  peer  case  stud¬ 
ies.  ITR  visits 
Chicago,  Boston  and 
[Atlanta  in  2009. 
Register  at: 
»ww.nwdocfind 
dr.com/8728 


BY  JOHN  COX 

The  new  generation  of 
mobile  Web  browsers  is  going 
to  introduce  a  rash  of  security 
challenges. 

A  December  online  survey  by 
F-Secure  found  that  about  30%  of 
U.S.and  Canadian  mobile  phone 
users  access  the  Internet,  broadly 
similar  to  other  regions.  The 
scary  thing  is  that  two-thirds  of 
the  North  American  users  (and 
83%  of  all  respondents)  said  they 
lack  any  security  software  on 
their  mobile  phone  —  even 
though  mobile  browsers  can  ac¬ 
cess  the  same  Web  sites  as  their 
desktop  cousins. 

IT  departments,  according  to 
experts,  need  to  focus  on  three 
areas:  assessing  the  security  ar¬ 
chitecture  and  features  in  the 
mobile  browser  and  the  underly¬ 
ing  operating  system;  working 
with  users  on  smart  and  safe 
browsing  practices;  and  creating 
a  solid  handheld  device  man¬ 
agement  system. 

“Browser  vulnerabilities  are 
the  easiest  way  to  get  remote 
code  running  on  a  smartphone,” 
says  Charlie  Miller,  principal  ana¬ 
lyst  for  software  security  at  In¬ 
dependent  Security  Evaluators 
See  Mobile,  page  32 


BY  JOHN  FONTANA 

IT  managers  are  beginning  to  formu¬ 
late  corporate-wide  mandates  and  poli¬ 
cies  to  ensure  that  software-as-a-service 
applications  adhere  to  the  same  princi¬ 
ples  that  govern  their  internal  applica¬ 
tions,  infrastructures  and  platforms. 

The  trick  is  to  avoid  ad  hoc  rollouts  by 
departments  or  divisions  and  ensure  that  all 
online  services  meet  parameters  for  secur¬ 
ity  backup, storage, data  integration/integrity 
business  process,  compliance  and  auditing. 

Studies  show  that  near-term  strategies 
can  be  shortsighted  because  savings  can 
diminish  over  time  and  complexity  can 
arise  as  more  services  are  deployed.  In 
addition,  those  deployments  can  bring 
compliance  risks  and  auditing  issues,  and 
one-off  service  contracts  may  eventually 
need  to  be  altered  to  align  with  any  enter¬ 
prisewide  strategy 

The  need  for  such  a  big  picture  look  is 
becoming  critical  as  the  use  of  services 

See  SaaS,  page  10 


SaaS  benefits 

Cutter  Consortium’s  4th  annual 
SaaS  survey  was  conducted  with 
113  respondents  in  September  and 
October  2008.  Here  were  the  benefits 
to  using  online  services. 


■  Lower  infrastructure  costs  30% 
a  Greater  functional  capabilities  17% 

Improved  application  reliability^® 

and  performance  13%  ■ 

—  — - — - -  —  -  —  —  — 

Systematic  software 

updates  and  upgrades 

10% 

-  JHHV 

Higher  productivity  10% 

■  Lower  staff  support  requirements  9% 

SB  Other  11% 
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5  MESSAGING  PLATFORMS 


Looking  to  exchange  Ex 


Joel  Snyder  tested  six  alternatives  to 


for  a  slideshow  that  rates  the  client  frontends  and  mana 
backends  of  the  six  Exchange  alternatives,  www.nwdocfinder.com, 

JOEL  SNYDER,  NETWORK  WORLD  LAB  ALLIANCE  | 


Deal  with  the  virtual  — 
and  reality. 


ALTERNATIVE  THINKING  ABOUT  CONTROL  AND  CONSOLIDATION: 


Manage  and  optimize  your  virtual  and  physical  servers 
in  the  same  way  with  HP  Insight  Dynamics  —  VSE. 


When  it  comes  to  IT,  your  universe  is  always  expanding.  Needs  increase, 
resources  are  stretched  and  options  can  be  limited.  But  now,  you  can  rethink 
how  you  control  and  optimize  your  physical  and  virtual  servers  by  integrating 
them  with  one  powerful  software  solution,  Insight  Dynamics  — VSE.  Now  you 
can  increase  flexibility,  improve  cost  and  energy  efficiency,  and  simplify 
daily  operations. 


Supporting  this  technology  is  HP's  commitment  to  service  and  dependability  — 
a  point  of  difference  that  led  IDC  to  name  HP  the  #1  vendor  for  virtualization  * 


Technology  for  better  business  outcomes. 


•  Quad-Core  AMD  Opteron™  Processor, 
with  AMD  Virtualization™  technology 

•  Ideal  for  general-purpose  solutions  and 
high-performance  computing 

•  Affordable,  modular  rack  systems  to 
give  your  IT  department  the  flexibility 
to  expand  with  your  business 


Quad-Core  AMD  Opteron™  Processor, 
with  AMD  Virtualization™  technology 

Infrastructure-in-a-box  saves  you  time, 
power  and  money  by  reducing  repetitive 
parts  and  redundant  operations 

Add,  replace  and  recover  resources  on 
the  fly  without  rewiring 


To  learn  more,  call  1-888-277-5467  or  visit  hp.com/servers/virtuall2 


AMD,  the  AMD  arrow  logo,  AMD  Opteron  and  combinations  thereof,  are  trademarks  of  Advanced  Micro  Devices,  Inc. 

©  2009  Hewlett-Packard  Development  Company,  L.P.  The  information  contained  herein  is  subject  to  change  without  notice. 
*Source:  IDC  Quarterly  Server  Virtualization  Tracker,  October  2008. 
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Cisco  and  NASA  are  collaborating  on 
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12  Juniper  software  to  find  network 
problems. 

13  Microsoft  Windows  on  a 
mainframe? 

14  Virtual  schools  gaining  foothold. 

18  Opinion  Andreas  Antonopoulos: 

The  fantasy  and  reality  of  government 
security. 

34  Opinion  ‘Net  Buzz:  Keeping  the  gov¬ 
ernment's  prying  eyes  at  bay. 


ENTERPRISE  COMPUTING 

18  Opinion  Scott  Bradner:  Special- 
purpose  device,  general-purpose  world. 


APPLICATION  SERVICES 

34  Opinion  BackSpin:  To  Tweet  or  not 
to  Tweet. 


SERVICE  PROVIDERS 

16  Sprint  comeback:  Hard  but  doable. 

TECH  UPDATE 

19  Moving  to  a  unified  wireless  network. 

20  Mark  Gibbs:  Search  hardware,  an 
add-on  and  a  service. 


■  CONTACT  Network  World,  492  Old  Connecticut  Path, 
Framingham,  MA  01701-9002;  Phone:  (508)  766-5301;  E- 
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COOLTOOLS 

■  The  Vue,  which  can  be 
mounted  to  a  wall  to  stream  video 
across  the  Internet,  was  a  shining  star 
at  DEMO  09.  See  Cool  Tools,  page  20. 


20  Keith  Shaw:  Checking  the  cool  at 
DEMO  09. 

NETW0RKW0RLD.COM 


an  online  global  monitoring  platform  to 
capture,  collect,  analyze  and  report 
data  on  environmental  con¬ 
ditions  around  the  world,  !.. 

Called  “Planetary  Skin,”  the 
project  will  involve  the  partners 
developing  the  online  platform  to 
capture  and  analyze  data  from 
satellite,  airborne,  sea-  and  land-based 
sensors  across  the  globe.This  data  will 
be  made  available  for  the  general  pub¬ 
lic,  governments  and  businesses  to 
measure,  report  and  verify  environmen¬ 
tal  data  to  help  detect  and  adapt  to 
global  climate  change. 
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6  Catch  up  on  the  latest  online  stories, 
blogs,  newsletters  and  video. 


Google  chief 
tweaks  Twitter 
PC  World  reports  that 
Google  CEO  Eric  Schmidt, 
speaking  at  the  Morgan 
Stanley  Technology 
Conference  in  San  Francisco, 
disparagedTwitter  as  a  "poor 
man’s  e-mail  system."  Though 
Schmidt  later  applauded  Twitter’s 
success  and  put  in  a  plug  for 
Google’s  own  newTwitter  feed. 

AT&T  sued  over 
overage  charges 
An  Oklahoma  woman  is  suing 
AT&T  after  the  company 
allegedly  billed  her  more  than  $5,000  for 
going  over  her  monthly  data  cap.The 
suit  claims  the  woman  was  misled  by 
both  AT&T  and  retailer  Radio  Shack 
when  she  purchased  a  netbook  com¬ 
puter  in  December  2008.  It  alleges  that 
neither  company  gave  her  sufficient 
details  about  how  much  she  would  be 
charged  for  exceeding  her  monthly  5GB 
bandwidth  cap. 


PEERSAY 


NWW  readers:  “We’re  not  gonna 
pay  a  lot  for  this  bandwidth!" 


Many  are  critical  of 
AT&T’s  overage  fees; 
others  say  users  should 
read  theTOS 

BY  BRAD  REED 

An  Oklahoma  woman’s  decision  to  sue 
AT&T  for  sending  her  a  $5,000  bill  has  elicited 
some  strong  reactions  from  Network  World 
readers,  many  of  whom  think  the  company’s 
bandwidth  overage  charges  are  disproportion¬ 
ate  and  excessive. 

Essentially  the  suit  boils  down  to  this:  Okla¬ 
homa  resident  Billie  Parks  bought  a  netbook 
computer  from  Radio  Shack  at  a  discounted 
price  of  $99.99  in  exchange  for  signing  a  two- 
year  AT&T  DataConnect  contract  that  would 
hook  the  device  onto  AT&T’s  network  for  $60 
per  month. 

However,  the  suit  alleges  that  neither  AT&T 
nor  RadioShack  gave  Parks  sufficient  details 
about  how  much  she  would  be  charged  for 
exceeding  her  monthly  5GB  bandwidth  cap. 
The  result?  A  monthly  bill  for  bandwidth  over¬ 
ages  that  totaled  more  than  $5,000. 

In  response  to  our  piece  published  on  the 
suit  last  week,  some  Network  World  readers 
faulted  AT&T  not  only  for  its  bandwidth  over¬ 
age  charges  —  which  amount  to  roughly  $500 
for  every  extra  GB  of  data  consumed  —  but 
also  for  charging  $60  a  month  for  the  first  5GB 
of  data. 

“The  greed  levels  our  seemingly  entire  coun¬ 
try  has  succumbed  to  is  so  beyond  appalling 
it  makes  me  puke,”  wrote  one  anonymous  user. 
“5GB  for  $60  month  is  simply  criminal.  Period.” 

“This  is  the  same  scam  that  cell  phone 
companies  ran  in  the  late  1980s  and  1990s,” 
wrote  another  anonymous  user.  “You  got  50 
minutes  a  month,  and  everything  over  that 
was  $  1 .50  or  $0.99  per  minute.To  an  average 


customer  getting  a  phone,  this  wasn’t  high¬ 
lighted.  People  got  huge  bills  and  had  to 
curtail  usage.” 

Reader  MP  however,  said  that  if  AT&T  could 
get  away  with  charging  $60  a  month  for  5GB  of 
data,  then  that  should  be  the  market  rate.  How¬ 
ever,  the  reader  also  thought  that  AT&T  needed 
to  do  a  better  job  of  warning  users  when 
they’re  about  to  exceed  their  bandwidth  cap 
and  of  explaining  exactly  how  much  money  it 
could  cost  them. 

While  AT&T  never  mentions  specific  rates 
for  data  overages  in  its  rate  plan  terms,  the 
company  does  say  that  it  will  notify  users 
before  imposing  additional  charges  and  that  it 
will  give  users  the  right  to  terminate  their  ser¬ 
vice  beforehand  if  they  don’t  wish  to  pay  the 
charges. 

“If  they  believe  that  5GB  per  month  cap  is  a 
reasonable  usage  level  for  $60  per  month,  given 
their  costs  to  operate  the  network,  that’s  their 
business  decision, ”MP  wrote.“But  wouldn’t  it  be 
nice  if  they  would  warn  a  user  when  that  limit 
is  approaching,  and  what  the  consequences  of 
overage  would  be  before  the  user  gets  hit  with 
tremendous  overage  charges?  All  it  takes  is  a 
short  text  message  or  e-mail!” 

Some  readers,  however,  faulted  the  user  for 
not  doing  due  diligence  in  carefully  reading 
AT&T’s  terms  of  service. 

“The  unfortunate  truth  is  most  people  have 
no  clue  about  what  makes  up  5GB,” said  poster 
BZZZ.“Does  ‘caveat  emptor’  mean  anything  to 
today’s  litigious  people?  If  you  don’t  under¬ 
stand  it,  don’t  sign  it.  If  that  means  you  don’t 
buy  the  latest  neat  service,  count  your  bless¬ 
ings  as  you  probably  will  be  less  stressed  with¬ 
out  it  and  the  attendant  costs.” 

“Enough  already’  said  another  anonymous 
poster.  “Wonder  if  she  also  bought  a  $500,000 
house  on  a  $20,000  annual  income,  too.  When 
are  we  going  to  stop  paying  people  for  their 
stupidity?”  ■ 


One-day  IT  event  coming  to  a  city 
near  yon! 


10  ITTracks;  vendor  expo;  peer  case  studies 

Feature  sessions  include:  security;  WAN  services;  net  management;  virtualization; 
data  centers;  SaaS;  green  IT;  UC;  VoIP;  mobility;  application  delivery 

10  cities  in  2009 

ITR  visits  Denver,  Chicago  and  Boston  in  early  2009 
Register  and  qualify  to  attend  free: 

www.nwdocfinder.com/8226 
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We're  there  with  the  security  solutions  you  need. 

Security  threats  won't  get  on  your  network  if  they  can't  get  to  the  network.  That's  why  gateway  security  is 
so  important.  CDW  has  a  wide  selection  of  top-name  firewall  protection,  antivirus,  antispyware,  intrusion 
prevention  and  more.  Our  personal  account  managers  along  with  our  highly  trained  technology  specialists 
have  the  expertise  you  need  to  ensure  your  network  is  fortified  and  secure.  So  call  CDW  today.  And 
eliminate  threats  before  they  even  become  threats. 

CDW.com  800.399.4CDW 


Licensing  requires  a  minimum  purchase  of  five  licenses;  includes  1  -year  Maintenance  (12x5  telephone  and  online  technical  support,  virus  pattern  updates  and 
product  version  upgrades).  Offer  subject  to  CDW's  standard  terms  and  conditions  of  sale,  available  at  CDW.com.  ©2009  CDW  Corporation 


SECURITY  NOTICE 


RESTRICTED 
AREA 
KEEP  OUT 


NO  TRESPASSING 


•  Secures  your  network  against  worms,  viruses, 
spyware,  keyloggers,  Trojan  horses,  rootkits  and 
hackers 

•  Delivers  secure  remote  access  to  authenticated  users 
on  managed  and  unmanaged  endpoints 

•  Combines  feature-rich  VPN  connectivity  with 
comprehensive  threat  defense  to  deliver  cost- 
effective  remote  network  access 

•  Prevents  unauthorized  access  to  applications  or 
information  assets  by  providing  fine-grain,  identity- 
or  network-based  access  control 


•  Purpose-built  appliance  delivers  performance, 
security  and  LAN/WAN  connectivity  for  medium  to 
large  regional  and  branch-office  deployments 

•  Offers  a  rich  set  of  Unified  Threat  Management 
(UTM)  security  features  including  stateful 
firewall,  IPSec  VPN,  IPS,  antivirus,  antispam 
and  Web  filtering 

•  Extensible  input/output  architecture  provides 
flexible  LAN/WAN  connectivity  options  on  top 
of  security  to  reduce  costs  and  extend 
investment  protection 


’  Delivers  multi-layered,  multi-threat  protection 
in  a  single  gateway-to-endpoint  suite 
’  Protects  against  the  growing  threat  of 
Web-borne  attacks 

1  Provides  maximum  IT  efficiency  with  automatic 
updates,  centralized  management  console 
and  reporting 

1  Offers  high  scalability  and  extensive 
configuration  options 

51-250  user  license1  $59.99  CDW  1258918 
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PANORAMA  PODCAST: 
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DEMO  09  coverage 

Keith  Shaw  visits  with 
his  favorite  demonstra¬ 
tors  from  DEMO  09, 
including  SmartyCard, 
in  which  parents  can 
use  incentives  to  get 
their  tweens  to  learn 
more.  See  if  Keith  really 
is  smarter  than  a  fifth 
grader. 

www.nwdocfmder.com/9026 


CEBIT  coverage 

Lots  of  new  gadgets 
and  electronics  were  on 
display  at  last  week's 
Cebit  show,  including 
Asus’  prototype  com¬ 
puter  with  dual  touch¬ 
screens. 

www.nwdocfinder.com/9027 
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How  to  not  fall  for 
phishing  schemes 

Rohyt  Belani,  CEO  of 
the  Intrepidus  Group, 
talks  with  Keith  about 
the  latest  ways  that 
phishers  are  going  after 
corporate  employees, 
and  why  phishing 
awareness  training  pro¬ 
grams  often  fail. 

www.nwdocfinder.com/9028 
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I BLOGOSPHERE _ 

■  Will  Windows  7  make  IE  optional? The 

Microsoft  Subnet  blog  reports:  “Microsoft 
may  make  Internet  Explore  optional  in 
Windows  7.  In  about  a  week,  Microsoft  will 
be  up  against  its  deadline  to  respond  to  the 
European  Union  over  charges  that  bundling 
IE  with  Windows  is  an  antitrust  violation.  In 
the  meantime,  Microsoft  has  been  secretly 
testing  a  new  feature  in  Windows  7  that 
would  allow  users  to  completely  delete  IE 
from  the  OS,  sources  say.  Such  a  feature 
would  allow  Microsoft  to  easily  address  the 
mounting  pressure  from  its  browser  com¬ 
petitors  while  sidestepping  more  fines  from 
the  EU.  (Right  or  wrong,  the  EU  does  seem 
to  love  to  fine  Microsoft.)  Should  this  fea¬ 
ture  be  adopted,  IT  departments  would  be 
free  to  standardize  on  other  browsers,  if 
they  so  wished,  too.  But  even  more  impor¬ 
tantly,  with  that  choice  would  come  added 
pressure  for  Microsoft  to  ensure  that  its 
browser  conforms  more  strictly  to  stan¬ 
dards.  Ironically,  if  IE  renders  Web  pages  as 
well  or  better  than  its  competitors  then  peo¬ 
ple  will  be  more  likely  to  want  to  use  it.” 
www.nwdocfinder.com/9029 

■  Cisco  taking  share  from  Nortel?  The 

Cisco  Subnet  blog  reports:  “Cisco  and 
Juniper  may  be  picking  up  enterprise  mar¬ 
ket  share  from  bankrupt  Nortel,  which  just 
posted  a  Q4  loss  of  $2.13  billion  this  week. 
Market  tracker  Technology  Business 
Research  believes  Nortel's  bankruptcy  is 
costing  the  company  enterprise  and  carrier 
customers,  who  are  questioning  Nortel’s 
ability  to  meet  long-term  obligations  and 
fulfill  contracts  while  it  deals  with  its 
Chapter  11  restructuring  —  even  though 
Nortel  says  it  is  winning  new  business  dur¬ 
ing  the  process." 
www.nwdocfinder.com/9030 

■  Robofi:  at  Cebit,  flying  Wi-Fi  robots 
for  emergency  response.  John  Cox 
writes  in  his  On  Wireless  blog:  “Engadet’s 
Joseph  Flatley  at  Cebit  came  across  a 
German-developed  flying  Wi-Fi  robot, 
designed  to  quickly  create  wireless  commu¬ 
nications  at  disaster  sites.  The  battery- 
powered  “QuadroKopter”  (in  German)  was 
created  by  researchers  at  llmenau 
University  ofTechnology.  As  the  name  sug¬ 
gests,  it  has  four  helicopter-style  propellers 
on  arms  that  extend  from  a  central  core, 
which  has  the  processor,  GPS,  and  wireless 
radios  (it's  designed  for  mobile  phone  and 
Wi-Fi  communications). The  idea  is  to  quick¬ 
ly  launch  these  devices  at  a  disaster  site  to 
get  communications  restored  much  faster 
than  is  possible  with  ground  crews." 
www.nwdocfinder.com/9031 


Tech  exec:  I  have  a  tip  for  any  systems 
administrator  who  has  ever  had  to  dig 
through  old  log  files,  searching  for  clues 
about  an  event  that  happened  on  the  net¬ 
work.  Maybe  it  was  a  server  configuration 
change,  or  an  intrusion  attempt,  or  a  hard¬ 
ware  device  sending  signals  that  it’s  about  to 
fail.  Wouldn’t  it  be  nice  to  have  a  search 
engine  that  could  help  you  quickly  find  pre¬ 
cisely  what  you’re  looking  for?  That  exact 
tool  is  now  available  for  download  and  the 
price  is  right  —  it’s  free.  Prism  Microsystems 
just  released  EventTracker  Pulse,  a  smart 
search  engine  for  log  data.  It  can  be 
installed  by  a  systems  administrator  on  any 
Windows  desktop  or  server.  EventTracker 
Pulse  puts  all  log  data  from  all  systems  in 
one  place  so  that  the  data  is  easy  to  search. 

It  collects,  compresses  and  archives  log  data 
from  various  sources,  including  Windows 
servers  and  workstations;  Unix/Linux  servers 
and  workstations;  Cisco  devices;  applica¬ 
tions  and  any  syslog  source.The  data  com¬ 
pression  features  removes  “white  space” 
from  the  log  data.  As  a  result,  the  data 
archive  is  reduced  in  size  by  up  to  95%  com¬ 
pared  to  the  original  log  data.  This  allows 


you  to  store  more  data  over  a  longer  period 
of  time,  www.nwdocf inder.com/9023 

Wireless:  Recently,  1  discussed  airtime  fair¬ 
ness  in  one  newsletter  and  beamforming  in 
the  other.  Airtime  fairness  and  beamforming 
are  separate  technologies  (usually  anyway). 
But  they  do  have  something  in  common:They 
both  help  control  transmissions  in  ways 
intended  to  give  Wi-Fi  users  better  and  more 
predictable  wireless  experiences.  However,  as 
it  turns  out,  Cisco  considers  beamforming  and 
airtime  fairness  the  be  more  or  less  synony¬ 
mous  within  Cisco  Wi-Fi  networks.  Unlike  its 
competitors,  Cisco  attacks  the  airtime  fairness 
issue  with  its  recently  announced  beamform¬ 
ing  technology  (called  ClientLink).ClientLink 
better  focuses  RF  energy  toward  legacy 
802.1  la/g  clients  to  improve  their  perfor¬ 
mance  —  whether  there  are  any  802.1  In 
clients  in  the  network  or  not.  However,  one 
side  effect  is  that  if  the  performance  of  802.1  la 
and  g  clients  in  a  mixed  802.1  la/g/n  network 
improves,  that  will  free  up  more  airtime  for  the 
802.1  In  client  to  transmit, explains  Chris 
Kozup, senior  manager  of  Cisco’s  mobility 
solutions,  www.nwdocfinder.com/9024 
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DEMO  09:  Venture  cash 
scarce,  but  still  available 


The  39  presenters  at  last  week’s  DEMO  09 
conference  know  all  too  well  that  they’re 
launching  new  technologies  in  a  horri¬ 
ble  economy  “It  is  a  terrible  environment  to 
raise  mone^’  said  David  Hornick,  a  general 
partner  at  August  Capital.  Investors  are  less 
willing  to  overlook  potential  gaps  in  a  start¬ 
up’s  business  model,  he  said.  On  the  positive 
side,  start-ups  that  do  survive  the  recession  will  be  among  the  most  innovative,  said 
Chris  Shipley  DEMO’s  executive  producer.“There  is  nothing  like  a  recession  to  clear 
out  the  clutter^’ Shipley  said.“  [Companies]  that  are  a  little  bit  faster,  a  little  bit  more 
courageous,  are  winning  the  day”Tarun  Kalra  of  Battery  Ventures  said  he  sees  an 
opening  for  start-ups  that  can  build  sophisticated  systems  management  software 
products,  for  example.  “The  big  IT  expenditures  right  now  are  in  the  cloud  com¬ 
puting  and  virtual  environments,”  Kalra  said.  “Systems  administrators  and  IT  staff 
have  these  really  advanced  environments  that  they  don’t  know  how  to  control. . . 
This  creates  a  huge  need  and  a  huge  opportunity  for  big  new  platforms  that  pro¬ 
vide  functionality  for  systems  administrators.”  www.nwdocfinder.com/9036 
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Windows  security  patches  coming  this 
week.  Microsoft  will  release  three  sets  of 
security  updates  on  Tuesday,  fixing  at  least  one 
critical  bug  in  its  Windows  operating  system. 
The  most  serious  of  these  updates  fixes  a  bug 
that  could  be  used  to  install  malicious  soft¬ 
ware  on  a  victims  computer  on  any  support¬ 
ed  version  of  Windows.The  other  two 
Windows  updates  fix  flaws  that  are  not  con¬ 
sidered  to  be  quite  so  dire,  and  one  of  these 
two  fixes  does  not  affect  Windows  XP  or  Vista 
users.  Missing  from  this  month’s  Patch  Tuesday 
notification  is  mention  of  a  highly  publicized 
bug  that  has  been  used  in  a  small  number  of 
targeted  attacks.  Given  that  the  Excel  bug  was 
reported  to  Microsoft  just  weeks  ago,  it’s  not 
surprising  that  Microsoft  has  not  had  time  to 
fully  test  and  release  a  fix,  said  Andrew 
Storms,  director  of  security  operations  with 
security  vendor  nCircle. 
www.nwdocfmder.com/9037 

Vivek  Kundra  named  America’s  CIO. 

President  Barack  Obama  has  officially  named 
former  Washington,  D.C. , 
tech  chief  Vivek  Kundra 
as  the  federal  govern¬ 
ment’s  CIO.  Kundra,  who 
previously  served  as  the 
CTO  for  D.CX  city  gov¬ 
ernment,  has  received  a 
good  deal  of  acclaim  for 
his  work  in  making  sure 
that  government  act 
more  transparently  and 
economically  Among  other  things,  Kundra  has 
slashed  the  city’s  IT  costs  by  shifting  govern¬ 


ment  e-mail  and  work  applications  over  to 
Google  Apps  and  has  pushed  for  more  trans¬ 
parency  by  posting  lists  on  the  Web  of  jobs 
that  government  contractors  have  been  hired 
to  perform.  As  the  federal  government’s  CIO, 
Kundra  will  oversee  a  $71  billion  IT  budget 
and  ensure  IT  interoperability  between  gov¬ 
ernment  departments.  During  a  conference 
call,  Kundra  said  he  will  be  looking  at  how 
the  government  could  both  improve  its  tech¬ 
nology  investments  and  make  more  informa¬ 
tion  accessible  to  citizens  through  the 
Internet.'There  is  a  lot  of  data  that  the  federal 
government  has  and  we  need  to  make  sure 
that  all  data  that’s  not  private  and  not  neces¬ 
sary  for  national  security  is  available  on  the 
Internet,”  he  said. 
www.nwdocfinder.com/9038 

Most  CIOs  not  planning  IT  layoffs,  sur¬ 
vey  finds.  While  a  number  of  IT  suppliers  are 
reporting  layoffs,  many  technology  buyers  are 
hoping  to  avoid  staff  cuts.  According  to  survey 
results  released  by  Robert  Half  Technology 
more  than  80%  of  1 ,400  CIOs  polled  said  they 
plan  to  maintain  current  staffing  levels 
throughout  the  second  quarter  this  year.  Eight 
percent  expect  to  hire  IT  personnel  and  just 
6%  anticipate  staff  reductions  over  the  same 
time  period,  the  IT  staffing  and  consulting  firm 
reports.  Among  the  reasons  cited  by  those 
CIOs  who  plan  to  hire  are  corporate  growth  or 
expansion  (25%);  expansion  or  increased 
investment  in  the  IT  department  specifically 
(9%);  increased  workload  (8%);  and  systems 
upgrades  (8%).  Among  those  6%  expected  to 
lessen  headcount  during  the  quarter,  40% 


pointed  to  a  reduced  IT  budget  and  21%  said 
the  staff  cuts  were  the  result  of  the  “impact  of 
the  financial  fallout”  on  their  company  or 
industry  www.nwdocfinder.com/9039 

Linux  Foundation  taking  over  Linux.com 
site.  The  Linux  Foundation  is  taking  over 
management  of  editorial  and  other  aspects  of 
Linux.com  and  creating  a  set  of  community 
tools  around  the  Web  site. The  Linux 
Foundation,  which  sponsors  the  work  of  Linux 
creator  Linus  Torvalds,  is  taking  over  owner¬ 
ship  of  the  URL  from  SourceForge,  which  runs 
Slashdot  among  its  other  Web  site  properties. 
“The  Linux  Foundation  is  a  natural  home  for 
Linux.com,” says  Jim  Zemlin,  executive  direc¬ 
tor  of  the  nonprofit  consortium  founded  in 
2007.“The  new  Linux.com  will  be  for  the  com¬ 
munity  by  the  community  so  input  is  critical 
as  we  work  to  build  and  fully  launch  the  new 
site  within  a  couple  months.” 
www.nwdocfinder.com/9040 

Cisco  vet  launches  net  management 
start-up.  Windmill  Networks  last  week 
unveiled  its  management  integration  software, 
which  is  designed  to  reduce  network  perfor¬ 
mance  management  headaches  and  speed 
troubleshooting  for  time-strapped  IT  staff.  Fred 
Gray  who  co-founded  Windmill  Networks,  says 
10  years  working  with  Cisco  clients  revealed 
to  him  the  need  for  integration  across  man¬ 
agement  platforms.The  network  manage¬ 
ment  staff  typically  ends  up  with  many  tools 
that  require  a  lot  of  care  and  feeding  and 
none  of  which  work  well  together  Gray  says.“I 
find  most  network  managers  are  tired  of  using 
Perl  spackle  to  tie  all  the  network  manage¬ 
ment  tools  together’Windmill  Integration 
Manager  installs  as  a  VMware  virtual  appli¬ 
ance  and  includes  a  data  correlation  engine, 
which  translates  and  reconciles  information 
collected  from  multiple  third-party  manage¬ 
ment  applications  such  as  IBM  Tivoli  software 
or  CiscoWorks. 

www.nwdocfinder.com/9041 

Catbird  tightens  security  of  virtual 
machines.  Catbird  is  upgrading  its  virtual 
security  software  platform  to  better  track  VMs 
as  they  replicate  and  to  make  sure  the  proper 
security  policies  follow  them  wherever  they 
go.  VMShield  2.0  uses  more  attributes  to 
define  VMs,  making  it  more  likely  that  they 
will  be  tracked  accurately  when  they  create 
other  versions  of  themselves. VMShield  then 
makes  sure  that  the  proper  policies  are 
applied  to  all  instances  of  the  VM.  The  policy 
checks  not  only  pertain  to  attributes  of  theVM 
but  also  to  the  physical  machine  it  migrates 
to.  In  addition,  the  software  takes  into  account 
the  network  segment  where  a  VM  is  deployed 
and  adjusts  for  the  policies  in  that  segment 
VMShield  2.0  is  compatible  with  VMware, 
Citrix  Xenserver  and  Microsoft  Hyper-V 
www.nwdocflnder.com/9042 
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Go  green  and  lower  operational  costs  by  adapting  to  the  way  people  actually  want  to  work. 
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connects  people  faster,  wherever  they  are  in  your  company  or  irj  the  world,  which  means 
less  commuting,  less  jet  fuel,  less  energy,  less  money.  And  IBM  software  gives  you  advanced 
deduplication  and  data  compression  features,  lowering  the  energy  and  space  costs  of  your 
collaboration  infrastructure  by  as  much  as  half.  A  greener  world  starts  with  greener  business. 
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within  companies  begins  to  grow. 

A  recent  survey  by  Cutter  Consortium 
shows  that  63%  of  respondents  are  using  the 
SaaS  model  in  their  organization  while  28% 
are  considering  it.  Last  year  in  the  same  sur¬ 
vey,  32%  were  using  SaaS  and  36%  were  con¬ 
sidering  its  use. 

Furthermore, Saugatuck  Technology  says  that 
by  year-end  55%  of  North  American  businesses 
will  have  deployed  at  least  one  SaaS  applica¬ 
tion,  and  Gartner  predicts  that  by  2013,  func¬ 
tional  equivalency  between  SaaS  and  on¬ 
premises  software  will  be  commonplace 
across  a  range  of  applications. 

A  Gartner  study  last  year  found  that  SaaS  de¬ 
ployments  in  most  large  companies  began 
without  the  CIO  knowing  about  them  or  having 
any  involvement.  As  part  of  the  findings, 
Gartner  recommended  that  CIOs  “develop  a 
SaaS  strategy  and  incorporate  it  into  their 
application  strategy  and  portfolio  manage¬ 
ment.” 

Getting  the  message 

Some  executives  are  pioneering  the  advice 
and  starting  to  include  long-term  strategy  when 
considering  the  promise  of  short-term  gain. 

Derrick  Jackson,  systems  and  database 
manager  for  Mapp  Construction,  headquar¬ 
tered  in  Baton  Rouge,  La. ,  has  formulated  a 
policy  that  gives  his  company  an  “exit  strat¬ 
egy”  for  when  it  might  want  to  use  an  appli¬ 
cation  in-house. 

“You  have  to  evaluate  these  providers  on 
whether  or  not  they  have  a  plan  in  place  to  get 
you  off  the  SaaS  model,  sort  of  an  exit  strategy 
in  the  long  term,”  he  says. 

Mapp  uses  Enterprises’  Empower  CRM  soft¬ 
ware,  which  is  hosted  on  IBM  BladeCenter 
servers,  IBM  WebSphere,  DB2  and  Lotus  soft- 
ware.That  configuration,  Jackson  says,  provides 
him  with  the  ability  to  move  in-house  when 
and  if  the  time  arises. 

“You  have  to  plan  five  years  from  now  for 
when  the  application  is  growing  out  and  is  a 
cornerstone  and  how  you  get  it  back  into  your 
environment  if  you  want  to  do  that,”  he  says. 

Jackson’s  view  is  borne  out  in  recent  Gartner 
research  that  says  cost  savings  begin  to  break 
down  after  the  first  two  years  of  a  SaaS  deploy¬ 
ment. 

He  says  having  services  that  run  in  a  hosted 
infrastructure  that  somewhat  aligns  with  the 
internal  infrastructure  can  make  moving  appli¬ 
cations  more  cost  effective. 

Others  are  looking  at  SaaS  providers  as  part¬ 
ners  who  can  help  educate  internal  staff  for 
that  possible  in-house  move  or  to  augment  the 
service  with  in-house  work. 

“We  partnered  with  our  provider  to  help  train 
our  Web  application  programmers,”  says  Anna 
Sherony  a  privacy  and  information  officer  for  a 
financial  services  firm  who  last  year  contracted 
with  WhiteHat  Security  to  provide  Web  site 
security  services. 


Why  no  SaaS? 

In  a  report  done  Feb.  20,  Forrester 
polled  352  IT  pros  who  make 
decisions  on  the  purchase  of 
packaged  applications  and  asked  them 
why  they  are  not  interested  in  SaaS. 


Reasons  for  no 
interest  in  SaaS 

Total  cost  concerns 

Security  concerns 

We  can’t  find  the  specific 
application  we  need 

Integration  issues 

Lack  of  customization 

Application  performance 
(e.g.,  downtime,  speed) 

Complicated  pricing  models 

We’re  locked  in  with  our 
current  vendor 

Other  reason 


Percentage 

37% 

30% 

25% 

25% 

21% 

20% 

16% 

14% 

13% 


The  company’s  programmers  learn  the  ins 
and  outs  of  the  service  and  how  to  write  more 
secure  code.  “It  is  important  when  looking  at 
these  solutions  to  have  a  partnership. You  have 
to  be  able  to  build  a  relationship  with  the  ven¬ 
dor’’ Sherony  says. 

Expanding  SaaS 

Those  relationships  can  prove  to  be  impor¬ 
tant  as  SaaS  expands  beyond  its  traditional 
roots  in  CRM  and  human  resources  applica¬ 
tions.  A  recent  Forrester  Research  study  shows 
that  applications  such  as  collaboration,  con¬ 
tent  management,  market  automation  and 
order  management  are  beginning  to  find  inter¬ 
est  among  SaaS  adopters. 

In  the  Forrester  survey,  titled  “Software-as-a- 
service  adoption  expands”,  IT  executives 
are  encouraged  to  create  best  practices 
guidelines  that  explore  such  things  as  back¬ 
up  and  disaster-recovery  policies,  and 
adherence  to  corporate  identity  and  access 
management  policies. 

The  study  also  states  that  IT  executives 
should  develop  standard  contract  language 
around  performance,  uptime  and  help  desk 
support  “so  that  SaaS  buyers  have  a  stronger 
sense  of  what  to  ask  for  when  signing  new 
agreements.” 

Another  reason  to  develop  corporate  strate¬ 
gies  is  centered  on  the  fact  that  SaaS  is  break¬ 
ing  networking  down  into  increasingly  smaller 
pieces. 

“When  SaaS  vendors  first  started  they 
needed  the  whole  data  center  stack,”  says 


Rob  DeSisto,  an  analyst  with  Gartner.  “What 
we  are  seeing  now  is  a  breaking  apart  into 
specialized  vendors. When  you  look  at  secu¬ 
rity  or  billing  or  integration  services  those 
are  specialized  needs  that  one  vendor  can’t 
offer.” 

Those  specializations  are  being  fueled  by  the 
needs  corporate  users  have  to  link  internal  sys¬ 
tems  to  external  services. 

Start-up  Symplified  runs  an  identity  federa¬ 
tion  service  that  lets  companies  keep  their 
identity  credentials  on  their  own  network  but 
build  a  single  sign-on  (SSO)  pipeline  to  all  its 
online  services. 

“We  provide  the  SSO  and  users  don’t  have  to 
do  one-off  integrations,”  says  Darren  Platt,  CTO 
of  Symplified.  Platt  says  the  next  pain  point  will 
be  auditing,  logging  and  compliance. 

“Users  have  to  rely  on  their  service  provider 
to  tell  them  what  users  did  and  in  some  indus¬ 
tries  that  is  not  good  enough  [for  compliance] . 
People  are  just  starting  to  realize  that  nowf  Platt 
says. 

There  are  also  security  issues  as  companies 
start  handing  out  passwords  for  each  and  every 
service. 

“One  of  the  benchmarks  for  security  is  how 
many  separate  passwords  your  employees 
have,” says  James Tu,  former  information  securi¬ 
ty  officer  for  commercial  real  estate  firm  CB 
Richard  Ellis.“It’s  a  nightmare  to  manage  those 
passwords,  it  destroys  security’ 

He  says  Symplified  provides  a  nice  SSO  layer, 
and  he  says  other  services  will  have  to  come 
along  to  provide  users  with  a  single  provision¬ 
ing  and  account  termination  infrastructure. 

“We  need  to  see  more  infrastructure  solu¬ 
tions  that  integrate  SaaS  and  the  stuff  behind 
the  firewall,”  says  Tom  Halter,  director  of  IT  for 
Whitney  Automotive.  Halter  uses  a  Microsoft 
Exchange  e-mail  hosting  service  from  Inter¬ 
media,  which  initially  forced  him  to  maintain 
two  directories,  one  on  each  side  of  the  fire¬ 
wall.  Now,  Intermedia  provides  a  directory  syn¬ 
chronization  feature. 

While  Halter  says  his  company  has  not  come 
up  with  an  enterprise  services  strategy;  the  sur¬ 
rounding  issues  have  all  been  centralized  with¬ 
in  IT  for  evaluation  and  testing. 

Another  company  servicing  infrastructure 
needs  is  Hubspan, which  does  data  integration. 

“We  eliminated  the  need  to  do  [data]  trans¬ 
formation  and  for  our  customers  to  buy  inte¬ 
gration  software,”  says  Nick  Marchetti.head  of 
commercial  supply  chain  management  for 
Visa’s  Commercial  Solutions  division. 

The  division  set  up  an  Accounts  Payable 
Automation  service  18  months  ago  using  Hub- 
span  as  the  provider  to  transform  data  from 
banks  into  a  format  Visa  could  process. 

Now  Visa  can  set  up  accounts  and  data  map¬ 
pings  in  two  weeks  instead  of  two  months.  In 
the  next  year,  the  system  will  be  expanded  into 
Europe  and  Asia. 

“When  looking  at  it  from  an  infrastructure 
perspective,  yes,  you  can  leverage  SaaS  for 
infrastructure  but  you  have  to  have  that  mind- 

See  SaaS,  page  14 
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Juniper  to  find  network  problems 


Technology  relies  on  standards-based  sharing 
of  security  data  among  devices 


© 

In  this  example,  SSL  VPN, 
IDS/IPS  and  NAC  gear  publish 
log  data  to  the  IF-MAP  server. 
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The  firewall  subscribes  to  data 
on  the  server  and  receives 
analysis  that  indicates  an  attack 
coming  through  a  particular  port. 
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IF-MAP:  Hew  it  works 

The  IF-MAP  standard  provides  an 
interface  that  allows  security 
devices  to  share  log  information 
with  other  devices  including 
correlation  engines  that  can 
uncover  the  cause  of  security 
incidents. 


Based  on  this  data  the  firewall 
can  close  the  port  until  someone 
can  step  in  to  figure  out  what  to 
do  about  the  attack  long-term. 


BY  TIM  GREENE 

Juniper  is  this  week  introducing  software  that 
lets  security  platforms  —  even  those  made  by 
other  vendors  —  share  and  analyze  log  infor¬ 
mation  in  order  to  determine  the  root  cause  of 
network  problems  and  fix  them. 

Called  Adaptive  Threat  Management,  the 
data-sharing  software  includes  upgrades  to  its 
SSL  VPN  and  Unified  Access  Control  devices 
that  enable  them  to  publish  log  information  to 
a  UAC  server  that  shares  the  data  with  other 
platforms. 

The  interface  between  the  SSL  and  UAC 
devices  and  the  server  is  a  standard  known  as 
IF-MAP  (see  diagram,  below),  a  communica¬ 
tion  interface  for  creating  a  two-way  street 
between  network  devices  and  the  server  to 
which  device  data  is  published. 

Adaptive  Threat  Management  can  support 
devices  made  by  other  vendors,  but  those 
devices  must  comply  with  IF-MAPSo  if  a  secu¬ 
rity  platform  made  by  another  vendor  publish¬ 
es  data  using  the  IF-MAP  interface  it  can  be¬ 
come  part  of  an  Adaptive  Threat  Management 
deployment,  Juniper  says. 

Customers  that  have  a  firewall  in  place  from 
another  vendor  could  potentially  keep  it,  but 
enable  it  to  publish  log  data  to  the  central  IF- 
MAP  server  where  other  devices  could  access 
it,  analyze  it  and  act  upon  it.  And  the  firewall 
could  subscribe  to  information  from  the  server 
in  order  to  respond  to  new  threats. 

It  is  important  for  Juniper  to  bring  together  its 
network  and  security  offerings  in  order  to 
make  the  case  that  its  disparate  gear  can  be 
deployed  as  a  coordinated  security  system  that 
embraces  other  vendors,  says  Phil  Hochmuth, 
an  analyst  with  the  Yankee  Group. 

With  Adaptive  Threat  Management,  cus¬ 
tomers  can  create  a  single  user-based  policy 
that  is  pushed  to  devices  in  the  network, saving 
administrative  time  on  configuration.  “You’re 
not  having  to  scramble  around  to  push  policy 
to  10  different  boxes,”  Hochmuth  says. 

Adaptive  Threat  Management  is  reminiscent 
of  Cisco’s  TrustSec,  which  uses  centrally 
defined  access  policies  enforced  in  the  net¬ 
work  —  but  Cisco  uses  its  switches  to  enforce 
the  policies,  Hochmuth  says.“lt  is  a  major  archi¬ 
tectural  strategy  to  glue  together  the  individual 
parts  of  access  control,”  he  says. 

IF-MAP  is  supported  by  a  handful  of  vendors 
including  Aruba  Networks,  ArcSight,  Infoblox, 
Lumeta  and  nSolutions. 

Last  year,  Juniper  revamped  and  renamed  its 
management  platforms  to  Network  and 
Security  Manager  (NSM),  which  centrally  man¬ 
ages  policies  for  Juniper’s  network  and  securi¬ 


ty  gear,  setting  the  stage  for  different  classes  of 
devices  sharing  data. 

The  NSM  platform  has  been  upgraded  to 
include  more  standard  reports  that  map  to  the 
behavior  of  devices  in  the  network  that  it  deals 
with.  These  reports  can  be  used  as  the  audit 
trails  necessary  for  some  regulatory  compli¬ 
ance  or  for  internal  audits  to  gauge  network 
security  the  company  says. 

Juniper  gives  an  example  of  how  the  new 
capability  could  work.  A  user  logged  in  via  SSL 
VPN  inserts  a  USB  device  into  his  computer 
that  is  infected  with  a  Trojan.  A  firewall/intru¬ 
sion-prevention  system  detects  the  Trojan  and 
that  information  gets  shared  with  the  SSL  VPN 
device,  which  can  interrupt  the  VPN  session.lt 
can  guide  the  user  through  remediation  of  the 
problem,  then  let  the  device  set  up  a  new  VPN 
session. 

The  software  for  Juniper’s  SSG  series  SSL  VPN 
gateways  also  enables  single  sign-on,  and  re¬ 
mote  access  users  are  presented  with  a  list  of 
resources  they  are  authorized  to  access  and 
can  go  to  them  directly  with  out  signing  on  for 
each  one. 

This  is  convenient  for  accounting  consul¬ 
tants  with  Singer  Lewak,  an  accounting-ser¬ 
vices  firm  in  Los  Angeles,  says  the  company’s 
CIO  Rob  Krumwiede.The  SSL  VPN  is  a  launch- 
pad  to  the  intranet,  e-mail  and  internal  appli¬ 
cations,”  he  says. 

So  a  remote  user  can  click  on  an  icon  to  gain 
access  to  one  of  three  email  options  — Citrix 
thin-client-based,  Outlook  Web  Access  and  full 
Outlook  —  all  without  having  to  authenticate 
again. 

Juniper  also  is  introducing  two  models  in  its 


SRX  series  of  security  devices  whose  hallmark 
is  that  the  individual  security  applications  run¬ 
ning  on  them  can  be  integrated,  and  that  pro¬ 
cessing  power  can  be  dedicated  for  each  to 
ensure  performance. 

The  SRX  3400  and  3600  are  the  smallest 
members  of  this  high-capacity  family  whose 
biggest  brother,  SRX  5800,  boasts  being  the 
fastest  at  close  to  140Gbps.The  models  top  out 
at  20Gps  and  30Gbps  on  firewall  throughput, 
respectively,  but  the  hardware  features  the 
same  modular  architecture  that  enables 
expanding  power  by  adding  cards. 

The  devices  also  support  both  VPN  and  intru¬ 
sion  detection/prevention  system  (IDS/IPS)  at 
6Gbps  on  the  SRX  3400  and  lOGbps  on  the  SF0( 
3600.  Starting  price  for  the  devices  is  $50,000 
for  the  SRX  3400  chassis  with  a  network-pro- 
cessing  card,  a  routing  engine  and  support  for 
a  lOGbps  firewall,  2Gbps  VPN  and  2Gbps 
IDS/IPS. 

With  dedicated  processing  per  application, 
users  can  guarantee  performance  when  load 
or  applications  are  added.  Because  this  is 
done  internal  to  the  chassis,  such  expansions 
require  no  new  rack  space  and  cost  less  than 
stacking  appliances  because  there  is  less 
redundant  hardware  in  a  modular  box  than  in 
a  collection  of  appliances.B 
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Microsoft  Windows  on  a  mainframe? 


BY  JOHN  FONTANA 

Software  that  for  the  first  time  lets  users  run 
native  copies  of  the  Windows  operating  sys¬ 
tems  on  a  mainframe  was  introduced  last 
week  by  data  center  automation  vendor 
Mantissa. 

The  company’s  z/VOS  software  is  a  CMS  appli¬ 
cation  that  runs  on  IBM’s  z/VM  and  creates  a 
foundation  for  Intel-based  operating  systems. 

Users  only  need  a  desktop  appliance  run¬ 
ning  Microsoft’s  Remote  Desktop 
Connection  (RDC)  client,  which  is 
the  same  technology  used  to 
attach  to  Windows  running  on 
Terminal  Server  or  Citrix-based 
servers. 

Users  will  be  able  to  connect  to 
their  virtual  and  fully  functional 
Windows  environments  without 
any  knowledge  that  the  operating 
system  and  the  applications  are 
executing  on  the  mainframe  and 
not  the  desktop. 

According  to  the  company’s  Web 
site,  users  will  be  able  to  create  a 
PC  in  15  seconds,  have  it  opera¬ 
tional  in  15  minutes  and  use  it 
once  or  have  it  permanently  with¬ 
out  worrying  about  depreciation  of 
hardware. 

Because  z/VOS  supports  x86  ar¬ 
chitectures,  the  technology  also 
can  run  Linux  images. 

The  z/VM  hypervisor  natively  sup¬ 
ports  the  ability  to  run  hundreds  to 
thousands  of  Linux  servers  on  a 
single  mainframe. 

Mantissa  is  attempting  to  match 
that  performance  for  Windows  via 
z/VOS. 

The  company  says  z/VOS  will 
eliminate  the  need  to  acquire  and 
maintain  desktop  hardware  and 
costs  associated  with  PCs  such  as 
high-power  consumption. 

“The  product  has  been  a  bear  for 
the  development  group  but  the 
thought  of  being  able  to  run  3,000 
copies  of  Windows  on  one  System 
z  so  fascinated  the  team  that  we  needed  very 
little  additional  incentive,”  Mantissa  CEO  and 
founder  Gary  Dennis  said  on  the  IBMVM  list 
serve  site  last  summer. 

Dennis  did  not  respond  to  inquires  asking  for 
comment  on  this  story 

He  is  scheduled  to  introduce  z/VOS  Friday  at 
the  annual  Share  conference  in  Austin,  Texas, 
during  a  presentation  entitled  “x86  Virtual¬ 
ization  Technology  for  System  z.” 

Mantissa  says  z/VOS  will  be  the  cornerstone 
of  what  it  calls  its  utility  virtualization  product 
line. 

“To  my  knowledge  this  has  never  been  done 


on  a  mainframe,  but  always  on  some  other 
kind  of  terminal  server  with  an  Intel  architec¬ 
ture  and  not  System  z,”  says  Clay  Ryder,  presi¬ 
dent  of  the  Sageza  Group.  “I  could  see  for 
schools  or  fixed  function  workstations.lt  would 
be  terrific  in  there  is  nothing  to  touch  and  you 
can  deploy  those  devices  and  everything  takes 
place  in  one  central  location.  As  students  or 
users  leave,  files  can  be  cleaned  or  archived  or 
whatever  and  from  an  administrative  point  of 


view  that  is  a  real  plus.” 

But  Ryder  says  the  concept  doesn’t  come 
without  questions. 

“What  is  the  magic  seat  count  number  where 
it  makes  more  sense  to  do  this  on  a  main¬ 
frame?  And  the  Z  is  not  the  kind  of  machine 
people  have  laying  around.There  is  certainly  a 
lot  to  think  about  here,”  he  says. 

Another  issue  is  the  System  z  was  designed 
originally  to  do  transaction  processing  not  the 
kind  of  workloads  that  are  done  on  PCs  today. 

“But  that  said,  the  Z  is  a  very  powerful  and 
fast  system,”  Ryder  says.  He  says  the  design  of 
the  z9  and  zlO  and  off-load  engines  in  the 


mainframe  such  as  the  Integrated  Facility  for 
Linux  (1FL)  make  it  likely  the  system  could  take 
on  some  workloads  not  anticipated  in  the  sys¬ 
tem’s  traditional  design. 

Users  who  responded  to  Mantissa  CEO 
Dennis  when  he  floated  the  concept  last  sum¬ 
mer  approached  the  idea  with  intrigue  and 
questions. 

“We  can  hope  that  the  version  of  Windows 
will  be  more  stable  than  Windows  Vista. 

Moving  that  kind  of  instability 
into  z/VM  is  not  particularly 
attractive.  Otherwise,  on  a  con¬ 
ceptual  basis,  it  opens  up  many 
possibilities,”  said  John  Baker,  a 
discussion  participant. 

Others  speculated  that  the 
technology  might  work  better  for 
server  applications  that  have 
fewer  GUI  requirements  that 
could  tax  the  mainframe. 

“Most  likely  this  would  be  to  run 
things  such  as  MS  SQL  Server,  MS 
Exchange  and  other ‘server’ soft¬ 
ware.  Not  an  end-user  GUI  ses¬ 
sion.  Just  like  most  z/Linux  users 
are  not  running  X  applications. 
They  are  running  ‘servers’  such  as 
e-mail, web, WAS, etc, ’’wrote  poster 
John  McKown. 

The  little  information  available 
on  z/VOS  from  Mantissa  doesn’t 
give  any  hint  whether  the  soft¬ 
ware  will  support  both  the 
Windows  client  and  server  oper¬ 
ating  systems. 

In  terms  of  licensing  issues, 
Mantissa’s  Dennis  doesn’t  see 
anything  out  of  the  ordinary  with 
current  virtualization  licensing. 

“We  don’t  see  anything  in  the 
Microsoft  EULA  that  would  per¬ 
mit  or  cause  them  to  treat  this 
environment  any  different  than 
existing  [virtual  machine]  envi¬ 
ronments.  This  environment 
should  work  in  their  favor  since 
the  images  (and  therefore  the 
licenses)  can  be  deployed  more 
efficiently  than  in  a  blade  warehouse  environ¬ 
ment,”  Dennis  wrote  on  the  discussion  list.H 
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Virtual  schools  gaining  foothold 


BY  ELLEN  MESSMER 

The  nation’s  kindergarten  through  12th  grade 
public  schools  are  no  longer  simple  brick-and- 
mortar  buildings  with  teachers  and  kids  but 
are  fast  evolving  into  “virtual  schools”  where 
students  surf  in  for  their  courses  from  outside. 

This  summer,  Florida  will  make  it  mandatory 
for  every  school  district  there  to  start  providing 
a  virtual  school  for  kindergarten  through 
eighth  grade,  giving  parents  a  choice  of  letting 
their  children  attend  classes  and  take  tests  via 
computer  over  the  Internet.  The  state  already 
funds  the  Orlando-based  Florida  Virtual 
School,  which  last  year  was  used  by  more  than 
63,000  middle-  and  high-school  students  with 
special  needs. 

Experts  in  the  field,  including  those  at  the 
U.S.  Department  of  Education,  acknowledge 
they  don’t  have  hard  numbers  about  how 
many  of  the  nation’s  49  million  public  school 
K-12  students  are  taking  accredited  virtual- 
school  courses  but  best  estimates  are  that 
about  1  million  participated  last  year  in  total¬ 
ly  online  courses  or“blended”  education  in  K- 
12  public  schools  that  combines  in-class- 
room  and  Web-based  curriculum,  mostly  at 
the  high-school  level. 

That’s  according  to  the  “K-12  Online 
Learning”  survey  conducted  by  the  Sloan 
Consortium,  a  cooperative  effort  involving 
Hunter  College  and  Babson  College 
researchers,  published  in  January  based  on  a 
poll  of  school  districts  throughout  the  country 
to  come  up  with  an  educated  guess:  virtual 
schoolers  have  increased  47%  from  Sloan 
Consortium’s  last  survey  two  years  ago. 

About  4  million  college  students  are  said  to 
be  enrolled  in  fully  online  courses,  but  K-12 
now  seems  to  be  taking  off. 

Alabama  and  Michigan  in  recent  years  have 
passed  laws  requiring  a  measure  of  online 
instruction  for  high-school  kids  because  it  was 
viewed  as  a  positive  experience  and  a  chance 
to  provide  advanced  courses  not  otherwise 
locally  available,  Powell  says.  But  Florida’s 
House  Bill  7067, “Virtual  Instructions  Programs” 
which  kicks  in  July  1,  goes  much  further  and 
requires  Florida  school  districts  to  run  full-time 
virtual  schools  for  kindergarten  through  eighth 
grade,  with  cyber-school  options  for  upper 
grades,  too. 

“You  have  to  offer  something,”  says  Elisabeth 
Walden,  network  manager  in  the  Florida’s 
Jackson  County  School  District,  which  has 
more  than  a  dozen  K-12  schools  and  about 
7,500  students.  “This  is  going  to  transform  the 
way  education  is  delivered  in  schools.” 

Walden’s  school  district  and  its  schools  are 
still  in  the  process  of  mapping  out  an 
approach.  It  could  either  be  recording  what 
happens  in  the  classroom,  where  many  teach¬ 
ers  use  computer-based  instruction  and  elec¬ 
tronic  smart  boards”  in  lieu  of  the  old  chalk¬ 


boards,  and  streaming  it  out  to  registered  stu¬ 
dents  outside  the  classroom.  Or  it  might  mean 
turning  to  the  services  of  an  educational  con¬ 
tent  provider. 

For  many  Florida  schools, though,  there’s  con¬ 
cern  because  not  only  will  there  be  costs 
involved  in  the  virtual-school  rollout,  but  if  par¬ 
ents  opting  for  virtual  schools  don’t  like  what’s 
offered,  they  can  switch  to  another  school  and 
with  it  would  go  the  funding. 

Of  the  44  states  offering  virtual-schools  in 
some  form,  the  largest  programs  are  in  Nevada 
and  Florida,  says  Allison  Powell,  vice  president 
at  the  International  Association  for  K12  Online 
Learning  (iNACOL),  the  Vienna, Va.-based  orga¬ 
nization  whose  2,300  corporate  and  academic 
members  are  trying  to  keep  up  with  the  dra¬ 
matic  changes  that  appear  to  be  turning 
America  into  a  nation  of  virtual  schoolers. 

Schools  are  deploying  VoIP  adding  micro¬ 
phones,  video  streaming  and  setting  up  online 
discussion  groups  for  students  who  take  this 
instruction  via  their  computer,  either  at  home 
or  in  a  local  library  Often  tests  are  being  taken 
online  and  graded. 

Schools  “are  using  products  like  Blackboard, 
a  learning  management  system,”  Powell  says. 
One  of  the  hardest  things  for  schools  to  do  is  to 
create  online  content,  so  they  often  turn  to 
content  vendors.  Teachers  are  being  paid  to 


SaaS 

continued  from  page  10 

set  from  the  beginning. You  need  architecture 
and  vision  for  that  from  the  start,”  Marchetti 
says. 

Of  infrastructure  and  platforms 

Another  corporatewide  decision  point 
emerging  is  platform-as-a-service  (PaaS) 
with  providers  such  as  Amazon,  IBM, 
Google,  Salesforce.com,  NetSuite,  Microsoft 
and  others. 

“What  appeals  to  me  about  SaaS  systems  like 
Salesforce  is  they  act  as  a  platform  more  than 
as  an  application,”  says  Erika  Bjune,vice  presi¬ 
dent  of  IT  for  Tides  Center,  a  nonprofit  fiscal 
sponsor  to  activists  and  organizations. 

Tides  Center  uses  Salesforce  to  host  a  portal 
that  houses  financial  information  and  for  a 
custom  application  Bjune  built  to  qualify  orga¬ 
nizations.  Bjune  also  uses  open  source  busi¬ 
ness  integration  software  from  Jitterbit  to  con¬ 
nect  Tides  Center’s  Microsoft  SQL  Server  infra¬ 
structure  to  Salesforce.com. 

“The  three-year  vision  we  have  here  is  that  we 
are  pursuing  platforms  on  which  we  can  build 
all  the  kinds  of  applications  and  services  and 
workflows  that  we  need  not  only  to  do  our 
business  but  to  collect  metrics,”  Bjune  says. 

Experts  say  PaaS  is  just  another  services  area 


provide  virtual  schooling,  which  might  involve 
teaching  an  online  class  after  the  brick-and- 
mortar  school  day  is  over. 

It’s  easy  to  get  the  impression  the  traditional 
classroom  is  being  outsourced  or  that  the  K-12 
virtual  school  will  shake  up  education  the  way 
e-commerce  did  retailing.  But  advocates  say  it’s 
a  mistake  to  be  afraid  of  changes  that  will  ben¬ 
efit  learning. 

“Australia  and  Canada  have  been  doing  this 
for  a  long  time,”  Powell  says.  “And  Singapore 
even  has  one  week  a  year  when  they  shut 
down  their  schools  and  have  an  e-learning 
week.”  That’s  in  part  to  prepare  for  any  emer¬ 
gency  that  might  keep  children  from  brick-and- 
mortar  schools  but  still  allow  learning  to  pro¬ 
ceed,  if  possible,  online. 

In  the  United  States, virtual  schooling  is  being 
used  for  many  reasons:  to  help  students  catch 
up  with  remedial  work,  because  they  are 
homebound,  or  to  provide  opportunity  for 
advanced  coursework,  according  to  the  Sloan 
Consortium  study 

In  general,  it’s  viewed  as  a  way  to  provide  flex¬ 
time  in  learning  for  K-12  students,  and  in  rural 
districts,  the  report  states, “online  learning  is  not 
simply  an  attractive  alternative  to  face-to-face 
instruction  but  increasingly  is  becoming  a  life¬ 
line  to  basic  quality  education”  because  of 
teacher  shortages  in  subjects  like  math.B 


where  companies  need  to  make  long-term 
decisions. 

“From  the  standpoint  of  someone  looking  at 
PaaS  and  building  applications, you  have  to  do 
the  same  due  diligence  you  did  when  you 
looked  at  buying  your  first  Java  server,”  says 
John  Rymer,  an  analyst  at  Forrester.  “Platforms 
have  different  tooling, some  are  better  for  busi¬ 
ness  applications,  some  require  new  lan¬ 
guages,  some  have  high  proprietary  content, 
some  provide  billing  services  —  it’s  all  over  the 
map.” 

Going  Saas 

Experts  agree  that  the  downturn  in  the  econ¬ 
omy  is  helping  boost  SaaS  as  an  alternative  for 
some  organizations,  but  they  advise  that  deci¬ 
sions  should  extend  beyond  the  initial  glow  of 
cost  savings. 

“What  a  lot  of  enterprise  decision  makers 
are  getting  back  to  is  the  fundamental  ven¬ 
dor  selection  process,  looking  at  vendor  via¬ 
bility  in  addition  to  solution  functionality” 
says  Jeff  Kaplan,  managing  director  of 
ThinkStrategies. 

And  others  add  that  Saas,  PaaS  and  cloud 
computing  are  fundamentally  reshaping  the 
role  of  IT. 

“The  IT  department  goes  from  one  of  imple- 
menter  to  one  of  inspector’’  Gartner’s  DeSisto 
says.B 
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I  designed  the  foundations  of  DNS  25  years  ago  to  be  simple  and  modular. 
That’s  how  dozens  of  extensions  have  been  successfully  added  over  the  years  to,  for  example, 
integrate  DNS  with  DHCP,  route  VOIP  calls,  lookup  RFID  tags,  and  use  international  character  sets.  All  aspects 
of  the  DNS  are  larger  now.  The  email  that  needed  one  DNS  lookup  in  1983  now  needs  dozens  for  delivery  and 

spam  checking  -  not  to  mention  a  billion  or  so  new  public  and  private  domain  names. 

But  don’t  let  this  seeming  complexity  get  you  down. 


The  first  key  for  dealing  with  this  challenge  is  to  select  tools  that  have  been  tested, 
proven  and  use  the  same  simple  and  modular  approach.  That  way,  effort  in  one 
application  helps  another.  At  Nominum,  we  tested  our  ENUM  servers  to  be 
sure  that  they  could  handle  DNS  databases  that  had  millions  of 
separate  zones  and  billions  of  resource  records  and  still 
deliver  instant  server  restarts  and  still  deliver  industry-leading 
performance.  That  meant  that  when  a  huge  antispam 
database  application  came  our  way  we  knew 
there  was  no  scaling  issue. 

The  second  key  is  to  use  the  advanced  technology  to 
monitor  and  control  your  DNS  (and  DHCP)  systems. 
You  shouldn’t  expect  your  sysadmins  to  validate 
security  credentials  by  hand  or  learn  new  languages 
when  your  business  goes  international.  Human  error  is 
always  a  concern.  DNSStuff  uses  its  own  dedicated 
network  assets  to  monitor  your  DNS  systems  at  a  level 
of  detail  unmatched  by  other  tools,  then  it  uses  its 
proprietary  algorithms  to  give  you  the  most  specific 
results  and  actions  to  fix  any  problems.  When  new  DNS 
applications  and  extensions  are  added,  DNSStuff  tools 
are  there.  Not  all  DNS  tools  are  created  equal. 

Paul  Mockapetris,  Father  of  DNS,  invented  1983 


■1  DNSstuff.com 
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Sprint  comeback:  Hard,  but  doable 

Despite  gloomy  news,  analysts  optimistic  on  Sprint  turnaround 


BY  BRAD  REED 

2008  was  a  bad  year  for  Sprint. 

The  carrier  not  only  posted  an  annual  loss  of 
$2.8  billion,  but  also  lost  more  than  4  million 
wireless  subscribers  and  wound  up  laying  off 
8,000  workers  this  past  January 

Sprints  competitors,  meanwhile,  seemed  to 
extend  their  advantages  over  the  beleaguered 
carrier.  Buoyed  by  the  release  of  the  iPhone  3G, 
AT&T  added  nearly  7  million  wireless  sub¬ 
scribers  in  2008  while  posting  earnings  of  $12.9 
billion  for  the  year, a  7.7%  increase  over  its  2007 
earnings.  Verizon  added  6.3  million  wireless 
customers  while  posting  a  net  income  of  $6.4 
billion,  a  16.4%  increase  from  2007. 

But  despite  all  the  gloomy  numbers,  Sprint 
still  has  some  things  going  for  it.  Now  that  the 
company  has  gotten  its  WiMAX  network  off  the 
ground  with  the  help  of  its  partners  in  the 
Clearwire  coalition,  for  instance,  Sprint  can 
offer  high-speed  mobile  broadband  services  to 
customers  roughly  two  years  before  rival  carri¬ 
ers  start  offering  4G  Long  Term  Evolution  (LTE) 
cellular  voice  and  data  services.  Clearwire 
plans  to  aggressively  expand  its  WiMAX  cover¬ 
age  this  year  by  spending  the  $3.2  billion  it 
raised  from  Google,  Intel  and  other  investors 
last  year  for  the  network  buildout. 

Robert  Rosenberg,  president  of  Insight 
Research,  says  Sprint’s  WiMAX  investment 
could  be  particularly  useful  in  regaining  some 
of  the  local  access  broadband  customers  that 
Sprint  lost  when  it  spun  off  its  local  division 
during  the  Nextel  merger  in  2005. 

“Sprint  made  a  strategic  bet  with  WiMAX 
technology  and  what  they  can  do  to  it,” he  says. 
“They’re  thinking  of  reinvigorating  their  local 
access  business  for  broadband...  That  access 
strategy  could  help  them  gain  more  customers 
for  their  voice  business  as  well.” 

The  company’s  WiMAX  investment  may  not 
go  off  as  smoothly  as  planned,  however,  as 
Clearwire  CEO  Ben  Wolff  recently  indicated 
that  tight  credit  markets  could  hinder  the  com¬ 
pany’s  ability  to  raise  additional  capital  for  fur¬ 
ther  expansions,  thus  potentially  slowing  down 
its  nationwide  deployment. 

“Sprint  wants  to  be  the  data  leader  on  the  3G 
side  and  the  WiMAX  side,”  says  Gartner  analyst 
Alex  Winogradoff.'The  WiMAX  investment  is  a 
great  investment  but  if  you  don’t  build  it  out, 
you  won’t  keep  your  advantage.” 

But  even  if  the  poor  economy  slows  down 
Sprint’s  WiMAX  rollout,  it  could  also  give  the 
company  a  boost  by  pushing  more  subscribers 
to  some  of  its  low-cost  wireless  plans.  In 
response  to  the  current  recession,  Sprint  last 
month  unveiled  a  plan  that  gives  users  unlimit¬ 
ed  calling,  texting  and  Web  use  for  $50  a 
month.  There  is,  however,  one  potential  prob¬ 
lem:  The  service  is  only  being  offered  over  the 


Sprint’s  rough  2008 

How  Sprint  stacked  up  against 
its  competitors  last  year 
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iDEN  network,  which  is  slower  than  the  CDMA- 
based  3G  network  and  has  caused  Sprint  prob¬ 
lems  since  being  acquired  in  2005.  Despite  this, 
IDC  analyst  Courtney  Munroe  thinks  that  if 
they’re  marketed  well,  Sprint’s  inexpensive 
wireless  plans  could  become  the  go-to  option 
for  bargain-hunting  wireless  customers. 

“This  economy  is  kind  of  good  for  them 
because  people  are  focusing  on  value,  not  the 
real  high-end  phones,”  he  says.“People  are  say¬ 
ing  that  maybe  they  should  cap  their  data 
usage  and  go  to  a  prepaid  plan  from  a  post¬ 
paid  plan.” 

Customer  service  still  key 

Of  course,  all  of  the  inexpensive  wireless 
plans  and  high-speed  data  networks  won’t  help 
Sprint  in  the  long  run  unless  the  company 
improves  its  customer  service. 

When  CEO  Dan  Hesse  took  over  the  compa¬ 
ny  in  December  2007,  he  placed  a  particular 
emphasis  on  improving  customer  service, 
which  has  been  a  trouble  spot  for  the  compa¬ 
ny.  A  survey  issued  by  the  University  of 
Michigan’s  Ross  School  of  Business  last  year,  for 
instance,  found  that  Sprint  ranked  last  among 


major  U.S.  wireless  carriers  in  customer  satis¬ 
faction. Things  haven’t  looked  much  better  this 
year  either,  as  the  company  continued  to  place 
last  in  customer  care  in  J.D.  Power’s  latest  semi¬ 
annual  survey  of  wireless  customer  service. 

If  there’s  one  silver  lining  to  Sprint’s  cus¬ 
tomer  service  problems,  it’s  that  its  churn 
rate  —  or  the  rate  at  which  its  customers 
cancel  their  service  —  dropped  to  2.15%  in 
2008,  down  from  2.23%  in  2007.  Even  more 
encouraging  is  that  the  2.16%  churn  rate 
that  it  posted  in  the  fourth  quarter  of  2008 
was  down  significantly  from  the  2.29% 
churn  rate  that  the  company  reported  in  the 
fourth  quarter  of  2007.  Munroe  says  these 
lower  churn  rates  may  be  the  first  indicators 
that  Sprint  is  beginning  to  right  itself  with 
how  it  deals  with  its  customers. 

“Now  that  their  market-share  erosion  is  slow¬ 
ing,  there  must  be  some  validity  to  the  notion 
that  they  are  incrementally  making  progress 
with  their  customer  service,”  he  says. 

Even  so,  a  wireless  churn  rate  of  2.16%  is 
nothing  to  crow  about,  as  both  AT&T  and 
Verizon  both  have  churn  rates  well  under  2%. 
And  as  Winogradoff  notes,  Sprint’s  customer 
service  reputation  has  taken  such  a  hit  that  it 
will  be  difficult  for  the  company  to  regain  the 
trust  of  customers  who  have  left  it  for  another 
carrier. 

“From  a  customer  prospective,  they  seem  to 
imply  that  things  are  going  in  the  right  direc¬ 
tion,  but  the  question  is:  Are  customers  soured 
on  the  brand?”  he  says.  “That’s  going  to  take  a 
long  time  to  turn  around.” 

And  if  Sprint  is  going  to  turn  around  its  brand 
name,  Rosenberg  says,  it  will  have  to  do  it 
alone.  After  all,  it’s  highly  unlikely  that  any  com¬ 
pany  will  want  to  shell  out  money  to  buy  the 
troubled  carrier  in  the  current  economic  cli¬ 
mate  of  tight  credit  markets. 

“There’s  always  a  chance  that  they’ll  be 
acquired,  but  right  now  making  deals  is  prob¬ 
lematic,”  Rosenberg  says.“If  they  can  keep  chip¬ 
ping  away  at  some  of  the  problems  they  have, 
there’s  no  reason  they  can’t  watch  their  num¬ 
bers  improve.” 

Munroe  expresses  a  similar  sentiment. 

“There  are  no  takers  for  Sprint  in  this  mar¬ 
ket,”  he  says.  “So  they’ve  got  to  keep  plugging 
away.  They ’re  working  very  hard  on  these  prob¬ 
lems,  and  it  could  be  a  good  turnaround  year 
for  Sprint  if  everything  falls  into  place.”B 
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NEC’s  advanced  communications 
solutions  put  you  in  charge  when  it 
matters  most. 
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NEC’s  Unified  Communications  provide  a  dynamic  and  realistic  connection  among 
individuals,  devices,  applications,  and  data.  Based  on  a  combination  of  innovative 
technologies  and  advanced  solutions,  its  mobility  and  flexibility  enables  people  to 
experience  greater  efficiency  and  productivity  -  in  any  industry. 

Integrated  IT  and  networking  solutions  like  these  have  made  NEC  a  world  leader, 
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Empowered  by  Innovation 


Special-purpose  device,  general-purpose  world 


In  late  February  Fortune  magazine  broke  the 
story  that  newspaper  giant  (though  getting 
smaller)  Hearst  is  developing  a  wireless 
newspaper  e-reader. This  project  seems  like 
almost  exactly  the  wrong  thing  to  do. 

Nothing  specific  has  yet  surfaced  about  the 
Hearst  reader.  Fortune  describes  it  as  being  the 
size  of  a  “standard  sheet  of  paper”  (8.5  x  1 1 
inches?)  and  it  might  use  displays  developed 
by  E  Ink,  which  Hearst  invested  in  about  a 
decade  ago. This  screen  would  be  a  lot  bigger 
than  the  6-inch  diagonal  screen  on  the  Amazon 
Kindle  book  reader.  As  Fortune  points  out,  more  space  for  ads. 

At  the  same  time,  a  number  of  Web  news  sites  reported  that  Hearst  is 
thinking  of  moving  a  lot  of  its  content  to  fee-based  Web  sites.  So,  if  I 
understand  this  correctly  Hearst  is  assuming  that  you  will  spend  your 
money  to  buy  a  special  reader  to  enable  you  to  spend  more  money  to 
read  its  content  —  sounds  like  a  plan. 

Hearst  seems  to  be  learning  from  Amazon  but  I  do  not  see  how  any¬ 
one  can  yet  learn  much  from  the  Kindle.  Amazon  has  been  selling  a 
lot  of  Kindles  but  that  does  not  mean  that  all  that  many  people  want 
to  keep  accumulating  special  purpose  devices. 

The  usefulness  and  use  of  the  Internet  has  grown  primarily  because 
a  single  device  —  the  PC  —  and  a  single  piece  of  software  —  the 
browser  —  enabled  access  to  a  vast  variety  of  applications  and  con- 
tent.You  do  not  need  to  get  a  special  computer  to  find  out  that  it  will 
snow  tomorrow  or  to  watch  politicians  say  dumb  things  on  YouTube. 

I  would  like  a  device  about  the  size  and  shape  of  the  rumored  Hearst 
device  but  I  want  a  general-purpose  computer,  not  a  one-trick  pony 
(see ‘Apple’s  next  mold  breaker?” at  www.nwdocfinder.com/9022).I 


expect  that  Kindle  sales  would  drop  precipitously  if  Apple,  or  someone 
else,  were  to  bring  out  a  device  of  the  sort  I  describe  in  that  column, 
particularly  if  it  has  a  full  color  E  Ink  type  screen  —  as  would  the  sales 
of  any  purpose-built  device  from  Hearst. 

I  do  expect  that  both  Amazon  and  Hearst  will  sell  some  of  their 
devices  to  people  who  like  new  toys  and  to  those  who  think  that  they 
only  want  to  do  one  thing  —  read  a  book  on  the  beach  or  a  plane,  for 
example.  But  woe  be  to  them  if  they  then  wanted  to  read  a  newspaper. 

Amazon  and  Hearst  could  try  to  force  people  to  buy  their  devices 
by  refusing  to  permit  their  content  to  be  displayed  on  other  devices. 
That  would  only  make  sense  if  there  were  no  other  sources  for  the 
content  and  the  public  is  clamoring  for  the  content,  or,  like  the  iPbd, 
the  device  is  so  much  better  than  anyone  else’s  attempt  you  can  drive 
the  market.  Note  that  the  iPod  Touch  of  today  is  not  the  single  purpose 
device  that  the  original  iPod  was.  So  even  Apple  sees  a  limited  future 
in  single-purpose  devices. 

Clearly  there  is  very  little  news  that  is  confined  to  the  Hearst  news¬ 
papers,  so  content  exclusivity  does  not  seem  to  be  much  of  a  forcing 
factor  for  the  Hearst  e-reader. 

It  is  sad  to  watch  an  industry  such  as  the  newspaper  business  try  to 
avoid  dealing  with  such  fundamental  changes  in  their  world  by  cling¬ 
ing  to  the  way  they  did  business  in  the  pre-Internet  world.  It  just  pro¬ 
longs  the  agony  for  all  involved. 

Disclaimer:  Harvard  is  still  learning  about  the  Internet  after  almost 
40  years  of  connectivity  but  it  is  learning  and  does  not,  as  far  as  I 
know,  have  an  opinion  on  those  that  do  not.  So  the  above  is  my  own 
view. 

Bradner  is  Harvard  University’s  technology  security  officer.  He  can  be 
reached  at  sob@sobco.com. 


The  fantasy  and  reality  of  government  security 


In  the  movies  the  government  has  always 
got  the  best  toys,  the  cutting-edge  technolo¬ 
gy  and  the  tightest  security  standards. Those 
who  have  worked  on  security  projects  within 
the  government  know  that  in  real  life  govern¬ 
ment  security  standards  and  implementations 
can  vary  all  across  the  range  from  quite  seri¬ 
ous  to  laughable. 

Over  the  last  few 
years  government 
departments  have 
been  earning  poor  or 
failing  grades  on 
cybersecurity  This 

may  be  about  to  change  with  a  $355  million 
investment  in  government  cybersecurity 
included  in  the  recently  passed  stimulus  bill. 

It’s  about  time  too:  Just  last  week  a  private 
company  notified  the  government  that  they 
had  discovered  the  blueprints  for  Marine  One  (the  president’s  heli¬ 
copter)  on  a  filesharing  network  node  in  Iran. 

If  we  believe  the  movies  then  a  file  as  sensitive  as  the  blueprints  for 
the  presidential  helicopter  fleet  would  be  encrypted,  biometrically 
protected  and  stored  in  a  bunker  at  an  undisclosed  location.  It’s  a  bit 
unfair  to  bash  government  security  in  this  case  because  the  file  was 
leaked  from  the  desktop  of  an  employee  of  a  private  contractor. 
Because  the  vast  majority  of  this  type  of  work  is  outsourced,  the  secu¬ 
rity  depends  as  much  on  enforcement  of  standards  at  third  parties  as 
it  does  on  the  security  within  government.  But  we  have  to  wonder: 
why  wasn’t  encryption  required  for  this  type  of  file?  Why  was  this  file 
allowed  on  an  unmanaged  desktop?  And  why  was  peer-to-peer  soft¬ 


ware  installed  on  the  same  desktop? 

Most  federal  systems  are  moving  to  compliance  with  the  Federal 
Desktop  Core  Configuration  (FDCC)  standard,  which  requires  that 
desktops  meet  certain  configuration  standards  that  effectively  “lock 
down”  the  desktop.  Even  without  the  FDCC  standard,  however,  it  is 
hardly  a  leap  of  imagination  to  expect  defense  contractors  to  disallow 
P2P  software  and  remove  administrator  privileges  from  users. This  was 

not  just  a  breach  of  security  by  one  employ¬ 
ee,  but  more  a  complete  lack  of  controls  in 
the  contractor’s  IT  department. 

Security  inside  the  government  or  in  the 
contractors  used  by  the  government  is  not 
uniform  or  consistent. That  in  itself  is  part  of 
the  problem.  Numerous  studies  have  shown 
that  the  vast  majority  of  security  breaches 
originate  with  a  few  well-known  security  vul- 
nerabilities.The  golden  rule  of  security  there¬ 
fore  applies:  Fix  the  top  problems  and  remove 
80%  of  the  risk. Then  focus  on  the  more  diffi¬ 
cult  20%.  Hopefully  the  government  investment  in  cybersecurity  will 
be  focused  on  the  top  risks  and  on  security  with  outsourcers  and  con¬ 
tractors  not  just  federal  systems. 

A  side  note:  Nemertes  Research  is  conducting  interviews  for  our 
security  benchmark.  We  are  interviewing  CSOs  and  directors  of  securi¬ 
ty  across  all  industries  and  company  sizes.  All  the  interviews  are 
anonymous  and  we  share  benchmark  results  with  the  participants.  If 
you  want  to  find  out  what  others  are  doing  about  security  send  me 
an  email  at  andreas@nemertes.com  to  participate  in  our  benchmark. 

Antonopoulos  is  a  senior  vice  president  and  founding  partner  at 
Nemertes  Research,  an  independent  technology  research  firm. 


SECURITY:  RISK 

AND  REWARD 

Andreas  Antonopoulos 


M Hopefully  the  government 
investment  in  cybersecurity 
will  be  focused  on  the  top 
risks  and  on  security  with 
outsourcers  and  contractors 
not  just  federal  systems.55 
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Moving  to  a  unified  wireless  network 


TECH  UPDATE 

M  An  inside  look  at  technologies  and  standards 


BY  MIKE  POWELL 

Wireless  access  is  becoming  essential  in  enterprise  networks.  With 
the  arrival  of  802.1  In  and  its  capacity  of  hundreds  of  megabits  per 
access  point,  the  value  of  wireless  access  has  increased  dramati¬ 
cally  and  the  wireless  domain  is  now  able  to  support  not  only  laptops  but 
VoIP  handsets,  dual-mode  smartphones  and  even  desktop  PCs.  But  how  do 
you  distribute  this  capacity  without  reducing  network  efficiency  or  strain¬ 
ing  your  budget? 


Initial  enterprise  wireless  LAN  (WLAN) 
deployments  offered  modest  bandwidth  and 
poor  security  As  a  result,  deployments  were 
limited  to  a  small  set  of  critical  applications 
and  typically  addressed  the  shortcomings  by 
using  an  overlay  architecture  as  a  minimally 
disruptive  way  to  quickly  graft  WLANs  to  wired 
networks. With  this  approach,  all  WLAN  traffic  is 
tunneled  to  a  centralized  access  controller 
where  it  is  de-encapsulated  and  authenticated 
before  entering  the  wired  network. 

While  802.1  In  improves  wireless  perfor¬ 
mance,  the  overlay  approach  results  in  a  net¬ 
work  bottleneck  and  inefficiencies,  and  wire¬ 
less  operations  are  still  treated  as  a  special  ser¬ 
vice  rather  than  an  essential  network  feature. 

This  leads  to  inefficiencies  that  prevent 
cost-effective  scaling  as  the  wireless  user 
base  increases.  If  you’re  contemplating  the 
migration  to  802.1  In,  you  need  to  ask 
whether  a  new  architecture  will  be  required 
to  realize  all  the  benefits  enabled  by  wireless 
access. The  answer  might  be  a  solution  based 
upon  a  new  building  block:  the  unified  wire¬ 
less/wireline  switch. 

As  WLAN  traffic  increases,  a  centralized 
approach  multiplies  the  amount  of  loading  on 
the  network  to  the  point  that  functionality  is 
compromised  for  all  traffic.  The  areas  most 
affected  include: 

•  Scalability:  New  controllers  must  be  de¬ 
ployed  in  a  linear  relationship  to  the  number  of 
access  points  supported.  This  centralized 
approach  cannot  scale  to  802.1  In  data  rates 
without  negatively  impacting  the  network. 

•  Performance:  Network  latency  and  conges¬ 
tion  packet  loss  increases. 

•  Security:  As  access  points  are  added,  secu¬ 
rity  requirements  become  more  difficult  to 
meet  cost-effectively 

•  Resiliency:  Centralized  control  creates  a 
single  point  of  failure. 

•  Cost:  Bandwidth  increases  in  cost  the  clos¬ 
er  it  is  to  the  core. 

The  high  bandwidth  wireless  enterprise  de¬ 
mands  a  unified  wireless/wireline  architecture 
that  eliminates  the  bottlenecks  and  inefficien¬ 
cies  that  arise  from  centralized  control.  Instead 


of  handling  wireless  traffic  as  an  exception,  a 
unified  network  integrates  wireless  with  tradi¬ 
tional  wired  LAN  services  to  provide  a  seam¬ 
less  interface  between  the  two. 

Specifically  wireless  data  and  management  is 
moved  from  the  core  of  the  network  to  the 
edge  by  terminating  secure  tunnels  at  edge 
switches  instead  of  at  the  access  controllers  in 
the  core.  Rather  than  routing  wireless  traffic  to 
the  core  and  back  to  the  edge,  backbone  band¬ 
width  is  conserved  by  terminating  traffic  at  the 
edge  and  routing  traffic  directly  to  its  destina¬ 
tion.  In  addition,  security  processing  is  moved 
to  the  edge,  guaranteeing  optimal  perfor¬ 
mance  that  scales  to  meet  user  demands  while 
maintaining  network  resiliency 

The  move  to  a  unified  wireless  switch  topol¬ 
ogy  is  an  expected  evolutionary  step  for  wire¬ 
less,  as  emerging  technologies  are  commonly 
introduced  in  the  core  and  moved  to  the  edge 
as  they  mature.  To  enable  the  unified  wireless 
switch  network,  several  new  silicon  and  soft¬ 
ware  technologies  will  be  required  develop¬ 
ments  that  are  expected  to  be  ready  before 
large-scale  802.1  In  deployments.The  key  tech¬ 
nologies  include: 

•  Open,  hardware-based  encapsulation: 
Rather  than  continue  with  the  proprietary 
encapsulation  technologies  used  to  backhaul 
wireless  traffic  today  the  unified  network  will 
utilize  new  open  standards.  To  realize  the  per¬ 
formance  and  cost  benefits  of  802.1  In,  the 
encapsulation/de-encapsulation  and  switch¬ 
ing  functions  should  be  integrated  with  the 
switch  silicon. 

•  Fragmentation  and  reassembly:  Encapsul¬ 
ation  headers  can  increase  packet  size  beyond 
Ethernet’s  1,518-byte  limit.  In  this  instance,  the 
IETF’s  control  and  provisioning  wireless  access 
point  support  for  fragmentation  and  reassem¬ 
bly  of  packets  solves  the  problem  of  buffering 
fragments  without  undue  latency  with  an  ele¬ 
gant  two-fragment  limit,  therefore  facilitating 
efficient  silicon  implementations. 

•  Distributed  access  point  management:With 
a  centralized  network, a  single  controller  could 
manage  10  to  hundreds  of  access  points.  In  a 
unified  network,  each  access  point  may  be 


managed  by  a  different  edge  switch. Therefore, 
switch  clustering  software  will  be  required  to 
form  self-organizing,  configuration-aware  uni¬ 
fied  switches.  Access  rights  and  policy  data¬ 
bases  will  need  to  be  propagated  and  man¬ 
aged  by  each  unified  switch. 

Other  benefits  network  administrators  and 
users  will  experience  include: 

•  Improved  scalability:  Appropriate  security 
capacity  is  introduced  with  each  increase  in 
bandwidth,  for  each  access  point  deployed, 
supporting  a  more  aligned,  pay-as-you-grow 
investment  outlay  when  compared  with  cen¬ 
tralized  wireless  controllers. 

•  Simplified  network  management:  Using  a 
homogeneous  topology  will  enable  network 
administrators  to  view  access  points  and 
switches  from  a  single  management  point 
rather  than  a  series  of  wired  and  wireless 
devices. 

•  Improved  performance:  Standardization  en¬ 
ables  wireless  tunneling  and  other  features  to 
be  implemented  in  silicon  rather  than  software. 

•  Automated  management:  Features  such  as 
auto-configuration  and  dynamic  radio  man¬ 
agement  can  be  better  managed  on  a  per- 
device  basis  when  compared  with  centralized 
implementations. 

•  Faster  authentication:  Moving  client  and 
policy  enforcement  to  the  edge  increases 
responsiveness  by  reducing  turnaround  time. 

•  Efficient  bandwidth  utilization:  Reducing 
the  load  over  the  network  backbone  will  result 
in  increased  performance. 

•  Reduced  Latency:  Users  will  also  experi¬ 
ence  reduced  latency  as  well  as  increased  net¬ 
work  resiliency  as  switching  will  occur  at  the 
edge  vs.  backhauling  all  wireless  traffic  to  the 
core  and  back  to  the  edge  again. 

Wireless  services  are  becoming  a  critical 
need  for  businesses, and  as  such,  high  band¬ 
width  wireless  access  must  be  an  integrated 
part  of  the  enterprise  network.  With  a  uni¬ 
fied  wireless  network,  all  of  the  perfor¬ 
mance,  scalability  and  expense  benefits  of 
the  traditional  network  are  available  to  sup¬ 
port  wireless  traffic. Without  this  unification, 
backhauling  and  scaling  limitations  will 
prove  cost-prohibitive  while  restricting  the 
outstanding  potential  of  high  bandwidth 
enterprise  WLANs. 

Powell  is  a  senior  product  line  manager  at 
Broadcom. 
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Search  hardware,  an  add-on  and  a  service 


This  weeks  column  is  about  searching.  First 
up  is  specialized  search  hardware  that  I’ve 
had  queued  up  in  the  Gibbs  Universal  In¬ 
dustries  Secret  Underground  Bunker  for  some 
time:  The  SnapStream  Enterprise  television 
search  appliance  can,  in  its  top  end  configura¬ 
tion,  record  as  many  as  10  TV  shows  simultane¬ 
ously  and  store  more  than  9,000  hours  of  video 
on  its  built-in,  fault-tolerant  storage. 

Think  of  the  SnapStream  Enterprise  asTiVo  on  steroids  with  an  enter¬ 
prise  attitude. This  rack-mountable  device  lets  you  search  within  the 
closed  captioning  of  television  broadcasts,  create  clips  from  con¬ 
tent,  burn  selected  content  to  DVD  or  download  it  to  archive, send  via  e- 
mail,  or  use  in  other  applications. 

The  problem  with  testing  the  SnapStream  Enterprise  is  that  I  need  mul¬ 
tiple  television  feeds  for  a  real  test. When  I  first  received  the  unit  I  thought 
I’d  have  time  to  pull  coax  to  the  Secret  Underground  Bunker  from  the 
satellite  dish  located  over  in  the  Administrative  Building,  but  I  haven’t  had 
the  chance.  Above  and  beyond  my  guilt  at  the  delay  in  testing,  I  wanted 
to  give  you  a  preview  of  this  system  because  it’s  a  really  cool  idea. 

You  can  configure  a  SnapStream  Enterprise  to  send  e-mail  when  it 
detects  keywords, watch  content  saved  on  a  SnapStream  Enterprise  from 
anywhere  on  your  internal  network  or  on  the  Internet,  transcode  to  other 
formats  including  Windows  Media  Video  and  H.264,  and  download  re¬ 
corded  content  to  iPhones  and  iPods  through  an  RSS  feed. 

There’s  more  to  the  SnapStream  Enterprise  that  I’ll  cover  when  I  get 
around  to  pulling  cable,  but  for  now  check  it  out;  as  a  tool  for  your  cor¬ 
porate  marketing  and  branding  people  or  for  tracking  news  relevant  to 
the  markets  your  company  deals  with,  the  SnapStream  Enterprise  has 
huge  potential.  Pricing  starts  at  $8,000. 


Also  on  my  list  when  it  comes  to  search  is  a  cool  browser  add-on/plug- 
in  that  I  can’t  live  without:The  Surf  Canyon  browser  search  assistant.The 
latest  release, Version  2.0. 1  .works  with  Internet  Explorer  6+  and  Firefox  2+. 

Surf  Canyon  monitors  what  you  search  for  on  Google, Yahoo,  MSN  Live 
Search,  Craigslist  and  Lexis  Web  and  tracks  which  results  you  select. 
When  you  return  to  your  search  results  page,  Surf  Canyon  modifies  the 
listings  in  real  time  to  include  results  it  determines  to  be  related  and  rel¬ 
evant  and.stap  me  vitals,  if  it  doesn’t  work!  It  appears  that  Surf  Canyon 
looks  at  the  results  you  follow  and  compare  those  with  other  results  from 
the  same  search.  It  then  reorders  the  results  placing  its  own  recommen¬ 
dations  indented  under  the  original  results. 

What’s  surprising  about  Surf  Canyon  is  just  how  good  it  is.  About  50% 
of  the  time  when  I  return  to  a  results  page  Surf  Canyon  has  considerably 
improved  the  relevance  of  the  results.  I  now  consider  Surf  Canyon  indis¬ 
pensable  and  award  it  a  rating  of  five  out  of  five.  Remarkable. 

Another  search  tool  that  will  appeal  to  all  you  techies  is  ErrorKey  a  ver¬ 
tical  search  engine  that  indexes  error  codes.  These  codes  are  not  only 
from  computer  hardware  and  software  but  also  for  various  makes  of  cars. 

Sometimes  the  search  for  an  error  message  will  result  in  detail  that  isn’t 
shown  unless  you  are  logged  in  (registration  is  free).  As  a  registered  user 
you  can  leave  comments  on  errors  (I’m  surprised  the  hired  guns  haven’t 
started  showing  off  and  touting  their  consulting  on  this  service). 

ErrorKey  is  a  great  idea  but  still  a  little  rough  around  the  edges,  with 
some  unpolished  user  interface  features  and  plain  sloppiness  (when 
you  confirm  your  account  by  clicking  on  a  link  in  an  e-mail  you  are 
greeted  with  “your  account  have  been  activated!”)  I’ll  rate  ErrorKey  3  out 
of  5  (they  could  easily  polish  the  service  to  get  a  much  higher  score). 

Gibbs  doesn 't  search  in  Ventura,  Calif.  He  quests.  Your  mission,  should  you 
accept  it,  to  gearhead@gibbs.com. 


Mark  Gibbs 
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Checking  the  cool  at  DEMO  09 

j 


COOLTOOLS 


ust  like  the  Consumer  Electronics  Show  in 
January  this  year’s  DEMO  09  (produced  by 
Network  World’s  events  division)  in  Palm 
Desert, Calif.,  was  affected  by  the  contin¬ 
uing  gloomy  economy  With  only  39 
companies  debuting  products 
and  services,  the  “glass  half 

_ empty”  people  would  likely 

say  that  there  wasn’t  much  to 
see  in  the  way  of  innovations,  exciting  technology  or 
cool  products.  While  there  was  less  to  see,  there  defi¬ 
nitely  were  some  shining  stars  among  the  demonstra¬ 
tors  at  this  year’s  event. 

Here  are  a  few  of  my  favorites: 

From  a  technical  standpoint,!  like  the  wireless  mesh 
technology  utilized  by  Avaak  in  its  Vue  Personal  Video 
Network  system  cameras.  The  system  uses  a  gateway 
base  station  that  connects  to  a  home  router  (it  can 
connect  via  Ethernet  or  a  wireless  dongle),  and  then 
uses  the  wireless  mesh  to  connect  to  individual  Vue 
Webcams. The  Webcams  are  powered  by  a  small  lithi¬ 
um-ion  battery  and  can  be  placed  practically  any¬ 
where  in  the  home. 

A  peel-and-stick  magnetic  mount  attaches  to  the  Webcam,  which 
means  you  can  place  the  cameras  on  a  wall  very  easily.  Once  con¬ 
nected,  the  Vue  system  can  stream  video  content  across  the  Internet, 
making  this  a  very  easy-to-use  “nanny  cam”  type  of  system. The  range  of 
the  system  is  300  feet,  but  optional  repeaters  can  be  purchased  to  extend 
the  range.  A  basic  package  (two  cameras  and  the  base  station)  will  be 
available  in  summer  2009  for  $299,  the  company  says.  Additional  cam¬ 
eras  will  cost  $99  each. 

SmartyCard  is  providing  a  way  for  parents  of  “tweens”  to  motivate  their  Shaw  can  be  reached  at  kshaw@nww.com. 


The 

Vue  can 
easily  be 
mounted  to 
the  wall  to 
stream  video 


kids  to  learn  by  providing  a  rewards  program.  Parents  can  buy  Smarty¬ 
Card  points,  and  kids  can  unlock  these  points  by  taking  fun,  yet  educa¬ 
tional,  quizzes  on  the  SmartyCard  Web  site.  With  correct  answers  (they 
have  to  score  7  out  of  10), a  specified  number  of  points  are  unlocked 
(quizzes  range  from  easy  to  difficult,  with  harder  quizzes 
earning  more  points).  Kids  can  take  their  points  and 
use  them  to  get  rewards,  such  as  virtual  world  time 
(Club  Penguin  and  so  on),  as  well  as  Amazon.com 
books,  DVDs,  music  and  more. 

The  company  also  plans  to  sell  SmartyCards 
through  retailers  (much  like  iTunes  gift  cards  and 
other  card  systems).  Some  may  say  that  this  sys¬ 
tem  is  more  like  bribery,  but  I  disagree.  Kids  are 
motivated  to  learn  in  different  ways,  so  I  don’t 
think  this  is  much  different.  In  addition,  we  live 
in  a  culture  that  rewards  “points”  and  other  such 
things  for  succeeding  in  different  things. 

Xandros  showed  off  its  Presto  utility  which 
boots  up  a  Windows  PC  or  notebook  without 
actually  booting  up  Windows.  It  connects  to 
your  network  (depending  on  your  settings  for 
wired  or  wireless)  and  includes  applications 
such  as  Skype,  instant  messaging  and  a  Web 
browser  (Firefox).  It  can  access  files  stored  on  your  system,  and  with 
OpenOffice.org  integration,  will  let  you  edit  those  documents  as  well.  It’s 
a  direct  competitor  to  Phoenix  Technologies’  HyperSpace  software,  but 
seems  to  have  some  additional  features.  In  addition,  the  software  will 
cost  $19.95,  vs.  the  subscription  model  for  HyperSpace. 

There’s  more  videos,  blog  posts  and  articles  about  DEMO  09  at 
www.networkworld.com,  so  check  those  out  too. 


across  the  Internet. 
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Your  IT  challenges 
come  in  all  sizes. 

So  do  our  solutions. 


Advanced  Recovery^  with  a  100%  recovery  record 
and  a  breadth  of  services  offered 

AdvancedHostingSM  with  over  2.000  customers 
and  34  production  facilities  with  a  range  of  managed 
IT  services 

Consulting  with  more  than  100,000  action 

plans  delivered  V;'V 

Continuity  Management  Software  the  most  | 
widely  used  to  keep  businesses  up  and  running 


IT  problems  happen,  but  disruption  doesn't  have  to  be  a  part  of  the  process. 
From  power  outages  to  downed  email,  SunGard  is  there  to  keep  it  alt  flowing. 
What  makes  10,000  customers  trust  and  depend  on  SunGard?  A  30-year 
history  of  doing  it  right. 

With  the  widest  range  of  Information  Availability  services  in  the  industry, 
SunGard  offers  the  solutions  to  cover  it  all— no  matter  what  the  availability 
requirement,  from  production  to  recovery.  SunGard's  infrastructure  has 
redundancies  at  every  level— we’ve  invested  so  you  don’t  have  to.  At  SunGard 
we  know  you  need  higher  levels  of  availability,  and  we  deliver.  So  leave  your 
worries  to  us. 


sungard'  aaat 

Availability  Services  Connected? 


To  learn  more  about  how  to  keep  your  people  and  information  connected, 
visitwww.availability.sungard.com/sgl  or  call  1-866-673-6616. 


CLEAR  CHOICE  TEST  MESSAGING  PLATFORMS 


Exchange  alternatives  are  a  good 
bet  for  midsize  rollouts 

But  Microsoft  messaging  platform  remains  tops  in  advanced  features 


BY  JOEL  SNYDER,  NETWORK  WORLD  LAB  ALLIANCE 

or  many  enterprises,  Exchange  is  synonymous  with  corporate  e- 
mail.The  one-two  punch  of  Exchange  server  on  the  back  end  and 
Outlook  e-mail  client  on  the  desktop  has  allowed  Microsoft  to  pull 
down  65%  of  the  enterprise  messaging  market. 

However,  with  the  release  of  Exchange  2007,  Microsoft  opened  the 
door  for  some  substantial  competition.  The  upgrade  costs,  hardware 
requirements  and  hassles  of  jumping  to  the  latest  version  have  many 
businesses  asking:  "Is  Microsoft  still  the  right  answer?" 

In  this  Clear  Choice  Test,  we  explore  how  Exchange  alternatives  stack 
up  against  Microsoft's  offer,  as  well  as  each  other. 

Our  testing  focuses  on  products  for  midsize  deployments  of  1 ,000  mail¬ 
boxes  or  less.  We  tested  six  Exchange  alternatives:  CommuniGate  Pro 
(CommuniGate  Systems),  Kerio  MailServer  (Kerio  Technologies), 
MDaemon  Pro  (Alt-N  Technologies),  MailSite  Fusion  (MailSite),  Scalix 
Enterprise  Edition  (Scalix,  a  Xandros  company),  and  Zimbra 
Collaboration  Suite,  Professional  Edition  (Zimbra,  a  Yahoo  company). 
(See  a  breakdown  by  product  at  www.nwdocfinder.com/9021.) 

We  installed  and  tested  each,  focusing  on  client  and  mobility  support, 
scalability  up  to  a  moderate  number  of  users,  ease  of  use,  and  support 
for  compliance  and  legal  discovery  features.  (See  our  test  methodology 
at  www.nwdocfinder.com/8921.) 

While  all  were  rock  solid  when  it  came  to  basic  tasks  such  as  sending 
and  retrieving  messages,  there  were  key  differences  in  manageability 
and  product  integration,  support  for  different  clients,  and  system  perfor¬ 
mance. 

While  there  are  places  where  our  Exchange  alternatives  outdo 
Exchange  —  such  as  in  price/performance,  Macintosh  interoperability 
and  manageability  for  midsize  deployments  —  Exchange  still  beats  the 


competition  in  many  areas  because  it  offers  a  range  of  features  that 
aren't  easy  to  find  in  the  third-party  market. 

Although  it's  difficult  to  point  to  one  overall  best  product  among  the 
Exchange  alternatives  (see  scorecard,  page  24),  there  are  clear  strengths 
and  differences  based  on  features  supported  and  product  style. 

For  example,  Kerio  MailServer  and  Zimbra  Collaboration  Suite  offer  a 
good  combination  of  multi-platform  interoperability,  a  good  user  expe¬ 
rience  and  solid  Outlook  integration.  CommuniGate  Pro  scored  well  on 
VoIP  integration  and  performance. 

Some  basic  feature  sets  come  up  short 

The  set  of  basic  features  that  comprise  a  business  e-mail  server  are  sim¬ 
ple  e-mail  access  and  full  support  for  multiple  delivery  protocols,  includ¬ 
ing  SMTP  POP  and  IMAP  Additionally  because  Exchange  also  includes 
contact  management  and  calendaring  tools  in  its  basic  bundle,  we  also 
considered  these  must-have  features. 

Not  surprisingly  we  had  no  significant  issues  in  finding  these  basic 
tools  across  most  of  the  products  tested.  The  first  product  that  didn't 
meet  these  basic  requirements  was  MailSite  Fusion,  which  doesn't  sup¬ 
port  an  important  IMAP  feature  called  "Idle"  that  was  first  developed  in 
1997  and  is  used  by  e-mail  clients  to  support  a  concept  referred  to  as 
push  e-mail:  instant  notification  of  an  incoming  e-mail.  Without  IMAP 
Idle,  the  alternative  is  for  the  client  to  continuously  poll  the  e-mail  serv¬ 
er  for  new  mail.  Even  this  deficiency  though,  may  not  be  important  to 
you  if  you  have  no  e-mail  clients  (such  as  mobile  phones)  making  use 
of  IMAP  Idle  or  if  you  don't  consider  push  e-mail  critical. 

However,  missing  IMAP  Idle  is  a  fairly  small  offense  compared  with 
what  we  discovered  in  Kerio  MailServer,  which  does  not  completely  sup¬ 
port  IMAP  Search,  the  IMAP  protocol  command  used  to  search  mes- 


NETRESULTS 


Product 

CommuniGate  Pro  Internet 
Communications  Platform  v5.2.9 

Kerio  MailServer  v6.6.2 

MailSite  Fusion  v9 

Vendor 

CommuniGate  Systems 
www.communigate.com/ 

Kerio  Technologies 
www.kerio.com 

MailSite 

www.mailsite.com 

Price 

For  100  users,  first  year:  $2,800; 

$3,285  including  A/V,  A/S  (as  tested 
with  Kaspersky  and  Cloudmark); 
subsequent  years:  $503;  $1,988 
including  A/V,  A/S. 

For  100  users,  first  year:  $2,299 
(including  A/S);  $2,759  including  A/V, 
A/S  (as  tested  with  McAfee);  subse¬ 
quent  years:  $690  (including  anti¬ 
spam);  $828  including  A/V,  A/S. 

For  100  users,  first  year:  $995;  $2,985 
including  A/V,  A/S  (Kaspersky  anti¬ 
virus  and  Mailshell  antispam); 
Subsequent  years:  $995;  $2,985  includ¬ 
ing  A/V,  A/S. 

Pros 

Server  platform  agnostic;  many  uni¬ 
fied  communications  features  includ¬ 
ed  in  the  bundle;  strong  showing  in 
performance  tests;  excellent 

Webmail  user  interface. 

Well  matched  to  mid-market  deploy¬ 
ments;  strong  management  tools; 
fully  supports  Mac  clients. 

Strong  emphasis  on  SMTP  security; 
provides  ability  to  control  message 
flow  with  support  for  Sieve  language. 

Cons 

Frustrating  management  interface. 

Weak  message  search;  online  sup¬ 
port  lags. 

Windows  centric;  lacks  MAPI  connec¬ 
tor  for  Outlook;  lack  of  real-time  visibil¬ 
ity  into  message  status;  difficult  instal¬ 
lation  process. 

Score 

3.55 

3.78 

2.86 
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sages  within  a  folder  or  set  of  folders. This  means  that  if  you  want  to  go 
find  something  inside  of  an  old  message  you've  got  filed  on  your  IMAP 
server,  then  this  mail  server  isn't  for  you. This  same  lack  of  search  capa¬ 
bility  also  extends  to  the  Webmail  interface. 

The  lack  of  Active  Directory  integration  in  some  of  these  products 
came  as  a  surprise.  Although  these  mail  servers  are  often  pitched  as  an 
alternative  to  a  Microsoft  world,  there's  no  reason  that  they  can't  coexist 
in  a  Windows  domain.  Both  the  servers  we  installed  on  Windows,  Mail- 
Site  Fusion  and  MDaemon,  would  link  to  Active  Directory  —  no  surprise 
there.  But  the  Linux  player  CommuniGate  Pro  wouldn't  talk  to  Active 
Directory  at  all,  and  the  Zimbra  Collaboration  Suite  let  us  use  Active 
Directory  for  authentication  but  not  for  storage  of  any  user  attributes. 

The  most  involved  Active  Directory  interactions  arose  when  we  were 
working  with  Kerio  MailServer  and  Scalix  Enterprise  Edition.  Both  of 
these  products  can  put  hooks  directly  into  Active  Directory  and  it  can 
then  be  used  as  the  product's  own  directory  service.  If  you  select  this 
option,  the  normal  Active  Directory  user  management  tools,  such  as 
"Active  Directory  Users  and  Computers,"  can  be  used  to  manage  user 
properties  in  the  Kerio  and  Scalix  servers,  bringing  those  more  into  line 
with  Exchange's  user  management  scheme. 

The  Scalix  server  linked  to  Active  Directory  without  any  technical 
problems,  although  the  process  is  fairly  arduous.  Unfortunately  not  all 
user  attributes  necessary  to  maintain  Scalix  users  are  contained  in 
Active  Directory  so  even  if  you  do  choose  to  link  Scalix  and  Active 
Directory  you'll  occasionally  have  to  dive  into  the  Scalix  management 
system  to  change  some  privileges  or  set  visibility  of  some  information  in 
the  mailbox.  With  Kerio  MailServer,  though,  we  were  unable  to  connect 
with  Active  Directory  Kerio's  technical  support  confirmed  that  this  was 
known  not  to  work,  and  that  this  would  be  fixed  in  the  next  major 
release. 

Extended  features  stand  out 

Each  product  tested  offers  features  beyond  basic  e-mail.  For  example, 
Zimbra  Collaboration  Suite  and  MDaemon  have  integrated  instant  mes¬ 
saging  servers,  and  MailSite  Fusion  has  a  short  message  service  gateway 
But  we  honed  in  on  specific-business  features:  Webmail,  antispam  and 
antivirus  support,  and  unified  communications  (UC)  tools  because 
those  are  the  types  of  tools  shipped  with  Exchange. 

All  included  at  least  one  Webmail  interface.  CommuniGate  Pro  and 
Zimbra  Collaboration  Suite  both  stood  out  as  having  especially  snazzy 


clients,  with  Scalix  Enterprise  Edition  and  Kerio  MailServer  showing  near¬ 
ly  as  nice.  This  doesn't  mean  that  MailSite  Fusion  and  MDaemon  had 
poor  Webmail  interfaces;  just  that  they  didn't  impress  us  quite  as  much. 

While  you  can  find  fault  with  any  user-focused  Web  interface,  it's  like¬ 
ly  that  most  users  would  find  the  Webmail  tools  in  these  products  very 
satisfactory  and  easy  to  use.  MDaemon's  Webmail  client  was  the  only 
one  that  gave  us  any  significant  pause,  because  there  are  two  complete¬ 
ly  different  interfaces  —  one  in  which  you  complete  normal  email,  con¬ 
tact  and  calendar  operations,  and  a  different  one  for  changing  settings. 
This  dichotomy  could  trip  up  users  who  don't  understand  why  the  client 
is  suddenly  popping  up  a  second  window  with  different  colors  because 
they  want  to  set  up  their  vacation  message. 

Several  of  the  mail  servers  also  had  built-in  legacy  Webmail  clients, 
presumably  to  handle  older  browsers.  Beware,  however,  of  MailSite 
Fusion's  older  client:  it  doesn't  handle  some  features  properly. 
Calendaring  is  what  we  tripped  over.  If,  for  example,  you  make  an 
appointment  using  the  old  Webmail  client,  it  won't  show  up  properly  in 
either  the  other  Webmail  client  or  in  an  Outlook  client. 

Kerio  MailServer  also  offered  a  stripped-down  client  specifically 
geared  for  mobile  devices,  while  MailSite  Fusion  had  a  WAP  client  for 
mobile  phones.  Zimbra  Collaboration  Suite  includes  an  iPhone-specific 
client,  which  is  especially  snazzy  although  if  you're  synchronizing  your 
mail,  contacts  and  calendar  using  its  mobility  features,  the  iPhone  client 
isn't  all  that  useful  because  you've  already  got  a  higher  level  of  syn¬ 
chronization  in  place  via  ActiveSync. 

With  Exchange  2007  built-in  support  for  UC  services,  especially  IP  tele¬ 
phony  we  expected  to  find  similar  features  in  most  of  these  products.  But 
our  expectations  were  misguided.  Only  CommuniGate  Pro  includes  any 
significant  voice  features.  Actually  CommuniGate  Pro  includes  a  full-on 
Session  Initiation  Protocol  (SIP)  PBX  with  features  such  as  automated 
attendant  and  voice  mail,  all  nicely  integrated  with  the  email  server.  We 
didn't  test  the  SIP  features  extensively  because  no  other  mail  server 
included  them.  However,  if  you're  interested  in  VoIP  integration  in 
CommuniGate  Pro,  beware:  the  overall  management  interface  is  not  for 
the  faint  of  heart. 

While  most  businesses,  even  small  ones,  will  want  an  offboard  e-mail 
security  gateway  with  antispam  and  antivirus  features  to  gain  the  high¬ 
est  levels  of  protection, all  of  these  products  have  the  option  to  run  inter¬ 
nal  antispam  and  antivirus  as  well. 

That  said,  Scalix's  optional  support  for  antispam/antivirus  was  barely 


MDaemon  vIO 

Alt-N  Technologies 
www.altn.com 

For  100  users,  first  year:  $1,015,  including  A/S; 
$1,500  including  both  A/S  and  Kaspersky 
A/V;  subsequent  years;  up  to  $650,  depending 
on  the  level  of  support  needed;  add  $485  for 
Kaspersky  A/V  updates. 

Great  management  system;  strong  SMTP 
security,  transaction  control  and  message 
routing;  excellent  visibility  into  message  flow; 
offers  multi-site  scalability. 

Lacks  ActiveSync  support  for  wide-scale 
mobility  device  support;  analysis  are  required, 


3.45 


Scalix  Enterprise  Edition  vll.4 

Scalix,  a  Xandros  company 
www.scalix.com 

For  100  users,  first  year:  $3,745;  $5,935 
including  A/S  and  A/V  (not  tested); 
subsequent  years:  $1,000;  $2,650 
including  A/S  and  A/V. 

Core  mailbox  service  is  very  solid. 


Lacks  integration  between  bundled 
open  source  management  tools; 
ActiveSync  support  not  available  for 
testing. 

2.95 


Zimbra  Collaboration  Suite  v5 

Zimbra 

www.zimbra.com 

For  100  users,  first  year:  $3800  (as  test¬ 
ed  with  mobility  features);  includes  A/S 
and  A/V;  subsequent  years;  $3,800; 
includes  A/S  and  A/V, 

Outstanding  integration  with  Outlook, 
Macintosh  clients,  and  ActiveSync 
devices;  strong  user  e-mail  experience; 
installation  of  open  source  tools  in  bun¬ 
dle  is  quite  good. 

On  the  low  end  of  performance  test; 
some  management  tool  integration 
rough  edges. 

3.83 
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CLEAR  CHOICE  TEST  MESSAGING  PLATFORMS 


SCORECARD 

Zimbra 

Scalix 

Collaboration 

Kerio 

Communi¬ 

Enterprise 

MailSite 

PRODUCT 

Server 

MailServer 

Gate  Pro 

MDaemon 

Edition 

Fusion 

Client  compatibility 
and  mobility  (25%) 

4.5 

4.0 

3.5 

2.5 

2.5 

1.25 

Manageability  (20%) 

2.25 

3.5 

2.0 

4.0 

2.0 

3.0 

Basic  features  (10%) 

5.0 

5.0 

5.0 

5.0 

5.0 

4.5 

Extended  features  (10%) 

4.0 

3.5 

4.5 

3.5 

3.0 

3.5 

Scalability  (10%) 

4.0 

2.0 

3.0 

3.0 

4.0 

3.0 

Compliance/security  (10%) 

4.25 

4.0 

3.0 

4.0 

2.0 

3.0 

Performance  (10%) 

3.0 

4.0 

5.0 

3.0 

3.0 

4.0 

Migration  tools  (5%) 

4.5 

4.5 

4.5 

3.5 

4.5 

3.0 

Total 

3.83 

3.78 

3.55 

3.45 

2.95 

2.86 

Scoring  key:  5:  Exceptional;  4:  Very  good;  3:  Average;  2:  Below  average;  1:  Subpar  or  not  available. 


there. The  responsibility  of  installation  and  integration  falls  to  the  system 
manager  to  get  a  package  from  a  third-party  vendor  or  from  Scalix,  install 
it  according  to  the  vendor's  instructions, and  then  try  and  figure  out  how 
to  bolt  it  into  the  Scalix  system.  Even  Scalix's  own  OEM  antispam  is  a 
nightmare  to  install,  complete  with  a  32-page  installation  guide. 

MailSite  Fusion,  MDaemon  and  Zimbra  Collaboration  Suite  have  a  sin¬ 
gle  choice  for  integrated  antispam  and  antivirus  tools,  with  integrated 
management  tools  ranging  from  poor  (Zimbra's  "turn  it  on  and  leave  it" 
option)  to  extensive  (MDaemon  Pro). 

CommuniGate  Pro  and  Kerio  MailServer  both  support  an  array  of 
choices  so  you  can  pick  whichever  one  you  prefer  or  which  comple¬ 
ments  your  desktop  antivirus  choice.  In  these  cases,  having  more  choic¬ 
es  also  comes  at  the  cost  of  having  a  less  elegant  management  interface 
and  less  integrated  reporting. 

If  simple  integration  with  on-board  antispam  and  antivirus  are  impor¬ 
tant  to  you,  MailSite  Fusion  and  MDaemon  should  be  on  your  short-list. 

ALT-N's  MDaemon  offers  easiest  management 

Management  of  a  midsize  e-mail  system  can  be  complicated.  System 
performance  has  to  be  monitored  to  ensure  reasonable  response  time 
for  users.  Protocol  engines,  such  as  SMTP  POP  and  IMAP  have  a  host  of 
configuration  variables  and  options,  many  of  which  are  obscure  or  idio¬ 
syncratic.  User  configuration  entails  more  than  just  adding  accounts,  as 
users  will  have  quotas,  filtering  rules  and  other  settings  to  be  managed. 
Messages  flowing  through  the  system  can  get  stuck  or  lost,  so  log  and 
queue  visibility  is  important.  And  don't  forget  important  task  support 
backups,  message  archiving  and  e-mail  retention  controls.  It's  a  tall  order. 

Microsoft  Exchange  2007  has  a  mixed  record  here  —  a  statement  we 
must  echo  for  every  alternative  product  tested.  Our  testing  focused  more 
on  system  management  than  on  user  management  as  the  latter  varies 
wildly  depending  on  how  an  organization  wants  to  use  the  e-mail  serv¬ 
er.  For  example,  if  you  wanted  to  keep  user  information  in  Active 
Directory,  anything  but  Kerio  MailServer  or  Scalix  Enterprise  Edition 
would  be  a  non-starter. 

On  the  other  hand,  if  you  don't  have  Active  Directory  or  don't  want  to 
keep  user  information  stored  there,  that  feature  would  mean  nothing  to 
you.  A  slew  of  user-based  features,  along  with  multi-domain  manage 
ment,  made  these  products  very  different  —  but  impossible  to  rank. 

In  system  management,  configuration,  monitoring  and  operations,  we 
found  more  commonality  of  function, but  could  still  pinpoint  important 
differences.  Alt-N  Technologies'  MDaemon  quickly  rose  to  the  top  of  the 
stack  as  one  of  the  easiest  products  to  manage  (see  screenshot,  page 
26),  especially  when  something  went  wrong.  The  logging  and  visibility 
into  system  queues  is  certainly  the  best  we've  ever  seen  in  more  than  20 


years  of  looking  at  mail  servers. 

In  addition  to  overview  pages,  which  show  messages  flowing  through 
the  system,  MDaemon  has  a  queue  manager  that  lets  you  click  on  stuck 
messages  and  take  actions  (such  as  delete  or  reject).  MDaemon  also 
had  very  good  performance  reporting  tools,  which  gave  us  a  good  view 
into  how  the  system  was  running, especially  under  heavy  load. Other  fea¬ 
tures  such  as  simple  message  retention  management,  per-user  filtering 
and  automated  configuration  backup  help  to  round  out  a  good  man¬ 
agement  system. 

We  did  find  fault  with  parts  of  MDaemon's  management  scheme.  For 
example,  there  is  no  message  tracking  tool,  and  the  backup  system  only 
covers  the  MDaemon  configuration,  not  the  user  mailboxes.  But  overall, 
e-mail  managers  using  MDaemon's  tools  will  feel  in  control  of  their  e- 
mail  system  and  be  ready  to  understand  and  solve  problems  as  they 
come  up.  Unfortunately  MDaemon  reserves  its  best  management  func¬ 
tions  for  a  Windows-only  management  tool.  While  there  is  a  Web-based 
management  package,  it  is  more  suitable  for  configuration  and  not  very 
good  for  system  monitoring. 

Also  at  the  top  of  the  management  pack  in  terms  of  functionality  is 
Kerio  MailServer,  even  though  it  is  one  of  the  two  products  tested  that 
requires  an  add-on  management  tool, and  can't  be  controlled  through  a 
Web  browser  (the  other  is  MailSite  Fusion). That's  fine  if  you're  sitting  at 
your  desk  all  day  but  few  e-mail  administrators  are  that  immobile. 

That  said,  Kerio  MailServer's  management  tools  make  it  easy  to  build 
and  manage  a  mail  server,  as  well  as  understand  what  is  happening 
when  something  goes  wrong.  Kerio  did  a  better  job  than  MDaemon  in 
some  important  areas,  such  as  automated  backups,  but  fell  short  by  not 
having  a  message  retention  management  tool. 

Each  product  tested  had  some  significant  failing  in  its  management  sys¬ 
tem.  But  MailSite  Fusion  fell  behind  for  several  reasons.  Performance  sta¬ 
tistics  in  MailSite  Fusion  are  normally  exported  through  WMI  counters, 
which  makes  them  easily  visible  in  BerfMon,  a  tool  familiar  to  any 
Windows  administrator. That's  a  great  idea,  and  it  should  have  given  the 
product  a  nice  edge  in  performance  monitoring.  But  these  counters 
don't  work  in  Windows  2008, so  we  couldn't  see  how  things  were  moving. 

Secondly,  MailSite  Fusion's  queue  management  tool  was  Windows 
Explorer:  you  point  it  at  a  directory,  and  then  you  can  click  on  a  mes¬ 
sage  to  open  it  in  Notepad  and  see  inside.That's  beyond  primitive;  it's 
positively  silly.  There  are  no  built-in  backups,  message  retention  man¬ 
agement  tools  or  log  management  automation.  Of  course,  no  prod¬ 
uct's  management  is  all  bad. 

MailSite  Fusion  makes  extensive  use  of  Sieve,  a  standards-based  e-mail 
manipulation  language  that  gives  the  administrator  some  unusual  levels 

See  Messaging,  page  26 
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1200,000 

TRANSACTIONS  PER  MINUTE. 


DONE. 


Introducing  the  world’s  fastest  x86-64  server.  The  IBM  System  x3950  M2  with  eX4  technology, 
Intel®  Xeon®  7400  series  processors  and  IBM  DB2®  has  set  a  new  performance  record.  IBM 
has  built  the  first  x86-64  system  to  break  the  one-million-transactions-per-minute  barrier: 
It’s  a  new  standard  in  performance  that  improves  efficiency  and  can  help  save  money  in 
transaction  and  database  processing.  Find  out  how  it  can  help  you  keep  pace  in  a  faster 
world  at  ibm.com/systems/fastest  STOP  TALKING  START  DOING™ 


Xeon 


inside 


Powerful. 

Efficient. 


'IBM  System  x3950  M2  with  the  Intel  Xeon  Processor  X7460  (2.66GHz  8  processors/48  cores/48  threads),  1,200,632  tpmC.  $1.99  USD  /  tpmC,  availability  as  of  December  10.  2008.  Results  referenced 
are  current  as  of  August  19,  2008  To  view  all  TPC  benchmark  results,  visit  www.tpc.org  TPC.  TPC-C  and  tpmC  are  trademarks  of  the  Transaction  Processing  Performance  Council.  IBM,  the  IBM  logo. 
System  x,  ibm.com,  DB2  and  STOP  TALKING  START  DOING  are  trademarks  of  International  Business  Machines  Corporation,  registered  in  many  jurisdictions  worldwide.  A  current  list  of  IBM  trademarks  is 
available  on  the  Web  at  "Copyright  and  trademark  information"  at  www.ibm.com/legal/copytrade.shtml.  Intel,  the  Intel  Logo,  Xeon,  and  Xeon  Inside  are  trademarks  or  registered  trademarks  of  Intel 
Corporation  in  the  United  States  and  other  countries  ©  2009  IBM  Corporation.  All  rights  reserved. 
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continued  from  page  24 

of  control  over  message  flow  unavailable  in  most  other  products. 

CommuniGate  Pro  has  a  user  interface  that  is  confusing,  difficult  to 
learn  and  error-prone.  Performance  statistics  are  given  in  the  least  palat¬ 
able  format  possible,  the  Venezuelan  Beaver  cheese  of  performance 
management,  while  the  lack  of  integrated  backup  and  message  reten¬ 
tion  tools  make  it  difficult  to  keep  e-mail  safe.  CommuniGate  Pro  has 
good  logging  and  queue  visibility  tools, but  they  are  embedded  in  a  GUI, 
which  frustrates  any  attempt  at  understanding  the  flow  of  mail  through 
the  system.  While  CommuniGate  Pro's  Webmail  tool,  Pronto,  is  a  joy  to 
behold,  the  system  management  interface  is  an  impediment  to  use. 

Scalix  Enterprise  Edition  and  Zimbra  Collaboration  Suite  both  drop  to 
the  bottom  of  the  pack  because  they  don't  have  integrated  management 
systems  at  all.  Both  have  fairly  nice  looking  Web  interfaces,  but  neither 
have  all  of  the  tools  in  one  place. 

It's  not  just  a  question  of  having  to  go  to  a  command  line  to  accom¬ 
plish  something  important  (as  you  will  frequently  have  to  in  both 
Zimbra  and  Scalix).  It's  a  matter  of  the  tools  being  assembled  with  a 
very  thin  veneer  of  management  laid  on  top  but  without  any  real  inte¬ 
gration  at  the  back  end.  Scalix  Enterprise  Edition  is  certainly  the  worst 
offender. 

For  example,  if  you  want  to  enable  SSL  on  IMAP  or  POP  in  any  other 
product,  it's  a  matter  of  simply  clicking  a  box.  With  Scalix,  you  have  to 
track  down  a  separate  package,  Stunnel  (SSL  Tunnel),  and  build  a  con¬ 
figuration  to  wrap  around  services  already  running  on  the  server. 
Unless,  of  course,  you  want  to  enable  SSL  in  SMTP 

Because  Scalix  uses  standard  Sendmail,  it's  possible  to  turn  on  SSL, 
but  it  means  diving  deep  into  the  world  of  Sendmail  configuration  — 
something  that  products  like  those  tested  are  supposed  to  free  you 
from.  And  if  you  want  to  turn  SSL  on  in  the  Web  server  to  secure  admin¬ 
istrative  traffic  or  Webmail  . . .  well,  that's  already  done,  but  if  you  want 
to  clean  up  the  certificates  so  that  they're  legitimate, you'll  soon  be  edit¬ 
ing  Apache  and  Tomcat  configuration  files. 

What  Scalix  does  have  is  an  incredibly  powerful  set  of  command-line 
tools  for  managing  the  message  store  -  tools  left  over  from  the  days  of 
HP  OpenMail  and  predating  Web-based  GUIs  of  any  kind.  For  example, 
aside  from  Exchange,  Scalix  is  the  only  product  we  tested  with  enough 
tools  to  build  a  real  message  retention  system. 

Zimbra  Collaboration  Suite  does  a  better  job  than  Scalix  at  linking 
together  a  pile  of  open  source  and  proprietary  tools  into  a  single  view, 
but  that's  not  saying  much.  Performance  monitoring  is  nicely  done, and 
backup  processes  are  very  well  thought  out.  But  those  are  bright  spots 
in  a  flashy, but  insufficient,  management  system.  Logging,  for  example,  is 
a  complete  mess  with  five  different  logging  directories,  three  complete¬ 
ly  different  logging  subsystems  and  no  integration.  Knowing  where  to 
look  in  the  logs  without  spending  a  month  with  the  system  is  impossi¬ 
ble.  While  there's  outstanding  documentation  that  describes  the 
innards  of  the  system,  what  we  learned  from  looking  at  products  such 
as  MDaemon  and  Kerio  is  that  a  GUI  can  help  reduce  the  learning  and 
re-learning  curve  substantially 

Some  of  Zimbra's  command-line  tools  also  are  zany  For  example,  the 
message  tracking  tool  -  something  that  I'm  incredibly  grateful  to  have  — 
is  case-sensitive  and  doesn't  have  all  messages  in  its  databases,  making 
it  nearly  useless  for  trying  to  track  down  missing  incoming  e-mail. 

Overall,  managers  evaluating  manageability  will  find  that  products 
such  as  MDaemon  and  Kerio  have  the  lowest  cost  and  frustration  fac¬ 
tor.  MailSite  Fusion  and  CommuniGate  Pro  are  hard  to  use,  but  with 
some  dedicated  study  and  experience  you  would  get  used  to  them. 
Zimbra  Collaboration  Suite  will  appeal  to  the  Unix  manager  who 
enjoys  diving  down  to  the  command  line,  digging  through  Postfix  con¬ 
figurations  and  restarting  the  occasional  service  by  hand  (as  we  had  to 
do).  Scalix  Enterprise  Edition's  management  will  be  attractive  to  any¬ 
one  who  has  a  deep  experience  with  e-mail  systems  and  Unix,  and  an 
equally  deep  distrust  and  hatred  of  GUIs  and  thinks  that  "vi"  is  about  as 
visual  as  they  want  to  get. 
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In  our  testing,  Alt-N  Technologies’  MDaemon  system  pro¬ 
vided  the  best  management  facilities.  The  view  it  provided 
into  the  system  queues  is  unprecedented. 


CommuniGate  Pro  is  speed  king 

We  quickly  found  that  modern  hardware  —  even  within  the  VMware 
and  storage-area  network  environment  —  offers  very  good  performance 
for  these  messaging  servers.  Our  performance  tests  stress  the  mail  servers 
far  beyond  what  any  midsize  business  would  see  for  incoming  mail  load, 
and  even  some  large  businesses.  However,  we  did  find  that  when  on¬ 
board  antispam  and  antivirus  are  in  use, performance  drops  considerably 
and  may  affect  how  users  perceive  system  response  time. 

To  test  performance,  we  sent  in  4,000  messages  to  each  server,  at  an 
offered  load  of  20  messages  per  second.  Then,  we  looked  to  see  how 
long  it  took  each  system  to  receive  and  file  the  messages  and  make  them 
available  to  users  for  reading. 

It's  clear  that  the  speed  king  of  this  test  is  CommuniGate  Pro,  which  was 
able  to  handle  20  messages  per  second,  even  when  antivirus  and  anti¬ 
spam  were  in  use  (see  graphic,  page  28).  This  success  is  partially 
because  of  an  intelligent  choice  of  antispam  product.  CommuniGate 
Pro  shipped  to  us  with  Cloudmark  antispam,  an  early  antispam  com¬ 
petitor  in  heavy  use  in  service  provider  environments  where  perfor¬ 
mance  is  an  important  consideration.  For  comparison,  the  two  slowest 
products  in  our  test, Zimbra  Collaboration  Suite  and  MDaemon, both  use 
SpamAssassin,a  product  infamous  for  its  poor  performance. 

Several  products,  including  MailSite  and  Zimbra  Collaboration  Server, 
failed  to  accept  20  messages  per  second,  even  without  antispam  and 
antivirus  in  place.  If  you  choose  either  of  these  products,  make  sure  you 
tune  carefully  for  performance  and  select  higher-end  hardware  to  have 
a  greater  margin.  Both  of  these  products  should  probably  be  deployed 
with  external  antispam/antivirus  gateways  to  ensure  users  don't  see  a 
slow-down  during  mail  bursts. 

Because  Scalix  didn't  send  us  an  antispam/antivirus  product, and  also 
because  of  the  daunting  task  of  trying  to  integrate  a  third-party  product, 
we  did  not  test  with  antispam  and  antivirus  enabled. 

Zimbra  offers  elegant  mobility  links 

We  believe  that  compatibility  with  Microsoft  Outlook  is  critical  for  any 
product  in  this  marketplace.  We  also  believe  that  most  businesses  will 
want  a  mobility  solution,  especially  one  based  on  Microsoft 
ActiveSync,  for  "push"  e-mail,  as  well  as  synchronized  contacts  and 

See  Messaging,  page  28 
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calendaring. 

Microsoft's  own  Exchange  server  matches  up  to  Outlook,  and  works 
well  with  ActiveSync  clients.  One  area  where  Microsoft  has  done  a 
poor  job,  though,  is  in  Macintosh  support,  so  we  were  interested  to  see 
how  well  our  test  systems  would  work  with  Macintosh  systems. 

Our  testing  with  IMAP  and  POP  protocols  was  flawless  on  all  the 
products,  much  as  we  expected. 

With  Outlook,  we  didn't  achieve  100%  success.  You  can  always  con¬ 
nect  Outlook  using  IMAP  and  PORbut  this  doesn't  bring  the  same  set 
of  collaboration  tools,  such  as  shared  and  synchronized  contact  lists, 
shared  calendars  and  free/busy  scheduling. To  connect  Outlook  suc¬ 
cessfully  to  one  of  these  servers  requires  an  adapter,  something  that 
speaks  MAPI  (Microsoft's  e-mail  API  protocol)  to  Outlook  and  some 
other  protocol  to  the  e-mail  server. 

Five  of  the  products  included  a  MAPI  connector;  only  MailSite 
Fusion  has  no  way  to  cleanly  link  Outlook  to  its  e-mail  server.  We 
found  that  the  MAPI  connectors  all  had  slight  idiosyncrasies.  For 
example,  we  looked  at  calendar  sharing,  a  common  but  fairly 
advanced  feature.  In  the  Zimbra  Collaboration  Suite  MAPI  connector, 
sharing  your  calendar  will  generate  a  message  to  the  person  you're 
sharing  it  with  to  accept  the  connection.  If  he  decides  to  accept  it, 
then  his  MAPI  connector  is  automatically  reconfigured  to  include  the 
other  calendar.  In  Kerio's  MAPI  connector,  the  reconfiguration  on  the 
other  end  has  to  be  done  manually  Each  of  the  products  had  small 
differences,  some  of  which  were  annoying  but  none  of  which  signifi¬ 
cantly  affected  functionality 

In  general,  the  Zimbra  Collaboration  Suite  had  the  most  elegant  inte¬ 
gration  with  MAPI,  but  this  was  by  a  slim  margin  —  unless  the  things 
it  does  better  such  as  managing  calendars  are  critical  features  for  you. 

Our  conclusion  is  that  taken  as  a  big  picture,  MAPI-based  Outlook 
connection  works  great  for  each  product,  but  depending  on  which  of 
the  dozens  of  features  you  want  to  use,  such  as  contact  and  calendar 
sharing,  multiple  global  address  lists,  collaborative  scheduling,  public 
folders  or  offline  operation, you  may  find  glitches  that  affect  your  final 
deployment.  In  any  case,  we  didn't  find  any  product  that  outdid 
Outlook  in  its  compatibility  and  smooth  integration.  The  mail  server 
vendors  all  worked  hard  to  make  Outlook  connect  to  their  products, 
but  if  you're  expecting  a  seamless  linkup, you'll  be  at  least  slightly  dis¬ 
appointed. 

Because  all  of  these  vendors  offer  easy-to-install  demonstration  ver¬ 
sions,  testing  is  easy  —  but  these  details  aren't  ones  you  can  get  out 


of  a  public  test.  You  will  find  that  MAPI  development  is  an  area  of 
aggressive  change  for  these  vendors.  In  reading  release  notes  for  each 
of  the  products,  many  were  making  substantial  changes  to  their  MAPI 
connectors  in  recent  versions,  especially  as  they  tested  for  Exchange 
2007  features. 

Kerio  is  tops  for  Mac  support 

With  Outlook  users  taken  care  of  in  one  manner  or  the  other,  we 
wondered  how  each  of  these  products  would  deal  with  Macintosh 
users.  Microsoft's  Exchange  client  for  the  Macintosh,  Entourage,  is  not 
supported  by  any  of  the  products  we  looked  at, so  we  had  to  look  fur¬ 
ther.  For  pure  e-mail,  the  Macintosh  platform  has  multiple  IMAP  (and 
POP)  clients  available, so  reading  and  sending  e-mail  was  not  difficult. 
Where  the  problem  comes  in  is  in  contact  and  calendar  manage¬ 
ment.  Apple's  OS  X  has  a  built-in  pair  of  applications  for  contacts 
(Address  Book)  and  calendars  (iCal),so  any  extension  would  have  to 
accommodate  those  products. 

Because  iCal  supports  the  new  IETF  standard  for  calendar  sharing. 
Calendaring  extensions  to  WebDAV  (CalDAV),we  hoped  to  find  prod¬ 
ucts  with  extensive  support  for  it.  Macintosh  Address  Book  has  specif¬ 
ic  support  for  synchronizing  with  Apple's  sharing  service,  MobileMe, 
as  well  as  with  Exchange, Yahoo  and  Google  applications.  However,  in 
the  absence  of  an  Address  Book  version  of  the  CalDAV  specification, 
there's  no  standard  you  can  point  to  for  Address  Book  synchroniza¬ 
tion  of  contacts. 

In  our  testing,  the  clear  winners  for  Macintosh  support  were  Kerio 
MailServer  and  Zimbra  Collaboration  Suite.  Both  have  very  complete 
CalDAV  implementations,  including  not  just  sharing  and  updating  cal¬ 
endars,  but  also  group  scheduling  by  sharing  free/busy  time  informa¬ 
tion.  In  addition,  both  have  Macintosh  specific  synchronization  plug¬ 
ins  for  Apple's  iSync  tool,  providing  a  very  clean  synchronization  of 
contact  information. We  tested  both  these  tools  and  watched  contacts 
flow  from  the  Macintosh  into  both  mail  servers,  then  be  immediately 
visible  to  webmail  and  Outlook  clients. 

Scalix  Enterprise  Edition  and  CommuniGate  Pro  also  include 
CalDAV  support,  but  the  versions  wd  tested  don't  include  all  of  the 
options.  For  example,  free/busy  time  sharing, important  in  group  meet¬ 
ing  scheduling,  didn't  work  in  either  product.  Neither  has  support  for 
Macintosh  Address  Book  contact  synchronization.  MailSite  Fusion 
offers  an  older  calendar  sharing  standard,  WebDAV,  which  is  a  sub¬ 
scription-only  option  —  Macintosh  users  can  read  their  calendars  off 
of  a  MailSite  Fusion  server,  but  can't  change  them.  MDaemon  has  no 
WebDAV  CalDAV  or  other  Macintosh-specific  support. 

Mobile  synch 

Finally,  we  turned  to  mobile 
device  synchronization.  While 
proprietary  schemes  abound, 
such  as  those  used  by  Palm 
operating  system  devices,  the 
dominant  standard  for  mobile 
device  synchronization  is 
ActiveSync,  available  on 
Windows  Mobile  and  iPhone 
devices. 

CommuniGate  Pro,  Kerio 
MailServer,  MailSite  Fusion 
and  Zimbra  all  support 
ActiveSync,  and  we  were 
(eventually)  able  to  get  all  of 
them  to  work  properly  with 
our  Windows  Mobile  and 
iPhone  test  devices.  Although 
making  ActiveSync  work 
often  took  some  doing,  we 
found  it  to  be  an  amazing  fea- 
See  Messaging,  page  30 


Tracking  Exchange  alternatives  from  a  performance  point  of  view 

In  our  performance  assessment,  we  sent  4,000  messages  to  each  server  at  an  offered  load  of  20 
messages  per  second  and  tracked  how  closely  each  server  could  keep  up  both  with  and  without 
antivirus  and  antispam  filtering  switched  on. 
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•SCALIX  DID  NOT  SUPPLY  ANTIVIRUS  AND  ANTISPAM  TOOLS  WITH  THE  BUNDLE  TESTED. 
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ture.  IPhone  users  will  especially  love  ActiveSync,  because  it  reduces 
the  need  for  them  to  keep  tethering  their  iPhone  back  to  iTunes  just 
to  keep  calendar  and  contact  information  in  synchronization.  Scalix 
Enterprise  Edition  has  ActiveSync  in  beta,  but  did  not  send  it  for  test¬ 
ing.  MDaemon  does  not  support  ActiveSync,  but  Alt-N  said  it  plans  to 
release  it  in  June. 

Another  method  of  mobile  device  synchronization  is  the  SyncML 
protocol,  a  popular  standard  for  smartphones. The  only  product  that 
claimed  to  support  it  was  MDaemon.  We  tested  SyncML  with  the 
Nokia  E61  SmartPhone  and  were  able  to  retrieve  and  update  contacts 
and  calendar  information.  If  you  need  SyncML  with  any  other  mail 
server  besides  MDaemon  (including  Microsoft  Exchange),  you'll 
probably  have  to  forgo  over-the-air  synchronization  directly  from  the 
server  and  instead  hop  through  an  existing  synchronized  client  on 
your  laptop  or  desktop,  such  as  Outlook  or  a  Macintosh  Address 
Book/iCalendar,  to  synchronize  to  your  smartphone. 

We  also  did  not  test  support  for  synchronization  with  BlackBerry 
Enterprise  Server.  Although  Research  In  Motion  has  supported 


Network  World  in  our  testing  in  the  past,  the  company  declined  to  pro¬ 
vide  support  for  this  test. 

Conclusion 

Our  top  scorers,  Kerio  MailServer  and  Zimbra  Collaboration  Suite,  offer 
a  good  combination  of  multi-platform  interoperability  a  good  user  expe¬ 
rience  and  solid  Outlook  integration.While  each  has  faults, these  are  good 
starting  points  for  anyone  looking  for  an  alternative  to  Exchange.  Other 
products  in  our  test  also  have  special  areas  of  expertise,  such  as 
CommuniGate  Pro's  VoIP  integration  and  high  performance.This  breadth 
of  options  bodes  well  for  any  system  manager  looking  for  a  different  path. 

While  MailSite  Fusion  and  Scalix  had  high  points,  both  also  had  sig¬ 
nificant  drawbacks  for  the  midsize  deployment.  Scalix's  lack  of  inte¬ 
grated  management  makes  it  more  appropriate  for  very  large  deploy¬ 
ments  where  a  technical  staff  is  available  to  handle  the  increased 
operational  burden,  and  MailSite  Fusion's  lack  of  a  MAPI  connector 
knocked  it  out  for  any  business  wanting  to  keep  the  high-quality 
Outlook  experience. 

Snyder  is  a  senior  partner  at  Opus  One,  a  consulting  firm  in  Tucson,  Ariz. 
He  can  be  reached  at  Joel.Snyder@opusl .com. 


Exchange:  Should  I  stay  or  should  I  go? 


In  light  of  the  pros  and  cons  of  the  alternatives  laid  out  in  this 
test,  should  you  keep  going  with  Exchange,  or  should  you 
switch?The  only  truthful  answer  we  can  give  is  "it  depends." 
Exchange  is  the  more  expensive  messaging  proposition,  at  least 
to  start.There  are  many  ways  to  buy  Exchange,  depending  on  how 
many  users  you  need,  but  the  short  answer  is  that  none  of  them 
cost  less  than  about  $75  per  user  and  can  run  up  to  $140  per  user 
for  the  bundles  that  include  Exchange  and  Windows  Server  and 
user  licenses  for  both  of  those  as  well  as  Forefront,  Microsoft's 
antispam/antivirus  service.  Compared  with  a  first-year  cost  of  $10 
to  $60  per  user  coupled  with  the  possibility  of  running  it  on  an 
open  source  operating  system,  the  Exchange  alternatives  we  test¬ 
ed  are  clearly  less  expensive. 

If  you  really  want  to  make  a  case  for  cost,  you  could  also  claim 
that  Exchange  requires  a  $90  Outlook  license  for  each  user,  a 
Windows  XP  or  Vista  license  for  each  user,  and  more  expensive 
hardware  than  a  similar  open  source  platform  might  require.  Of 
course,  those  arguments  are  pretty  specious:  most  businesses 
already  have  Office  (which  includes  Outlook)  and  Windows  PCs, 
and  they  probably  already  have  Windows  Server  running  some¬ 
where. 

But  looking  beyond  cost,  how  does  Exchange  stand  up  to  the 
less-expensive  competition?  Pretty  darn  well.  In  fact,  with  the 
possible  exception  of  Macintosh  support,  there  is  no  compelling 
reason  to  use  a  different  e-mail  product.  Exchange  works;  it  does 
a  good  job;  it  has  a  strong  extended  feature  set;  and  the  support  is 
top-notch. 

Exchange  is,  first  and  foremost,  a  mailbox  server,  and  it  does 
that  job  really,  really  well.  It  integrates  with  Active  Directory 
cleanly,  and  covers  all  the  basic  requirements  for  a  mailbox  server. 
When  it  comes  to  extended  features,  such  as  webmail  and  unified 
communications,  Exchange  meets  or  beats  all  of  the  products  we 
tested.  With  the  exception  of  CommuniGate  Pro,  nothing  comes 
close  to  Exchange's  support  for  VoIP  tools  and  protocols. 

If  you  require  scalability,  either  within  a  single  site  or  across 
multiple  sites,  Exchange  delivers.  With  both  availability  and  scala¬ 
bility  features,  Exchange  has  a  broader  reach  than  any  of  the 
competing  products  we  evaluated.  It's  definitely  true  that  your 
hardware  requirements  with  Exchange  will  be  higher  than  with 


some  of  the  performance-focused  products  we  tested,  but  when 
you're  looking  at  100  to  1,000  users,  you're  not  really  stressing  any 
of  the  products  installed  on  modern  hardware. 

Exchange  management  has  often  been  cited  as  a  weak  spot,  and 
it's  certainly  not  the  brightest  light  in  Microsoft's  arsenal. 

However,  with  Exchange  2007,  management  has  been  extended  to 
include  both  GUI  and  command-line  options,  meeting  a  common 
complaint.  But  is  Exchange  2007  as  easy  to  manage  as  some  of  the 
other  products  we  tested?  No,  definitely  not.  You're  going  to  have 
a  harder  learning  curve  with  Exchange,  and  it's  likely  you'll  spend 
more  time  getting  it  installed  and  running  cleanly.  None  of  the 
products  we  tested  took  more  than  a  half-day  to  get  running  suc¬ 
cessfully,  while  our  Exchange  test  deployment  took  several  days  of 
hard  work. 

Migration  in  Exchange  is  either  easy,  or  impossible.  If  you're 
moving  from  Exchange  2003  to  2007,  it's  simple,  easy  and  well  doc¬ 
umented.  If  you're  still  running  Exchange  5.5,  you've  got  a  problem 
and  are  going  to  have  to  turn  to  some  third-party  tool  and  an 
experienced  consultant  to  make  it  all  work. 

In  some  areas,  such  as  e-mail  retention  management,  Exchange 
2007  is  way  ahead  of  everyone  else.  In  others,  such  as  compliance, 
it's  about  the  same. 

So  what's  the  final  answer?  If  cost  is  your  main  driver,  our  tests 
show  that  there  are  other  products  that  will  meet  your  needs  at  a 
dramatically  lower  price. 

If  price  is  not  most  important,  focus  on  features,  such  as  scala¬ 
bility  across  multiple  sites,  Macintosh  synchronization  and  UC. 
These  will  help  differentiate  products  and  let  you  identify  which' 
ones  will  meet  your  needs  and  which  ones  won't. 

And  if  it  comes  down  to  a  close  race,  use  management  for  the 
tie-breaker.  For  250  or  less  users,  Exchange  2007  management 
time,  effort  and  frustration  will  be  higher  than  some  of  the  alter¬ 
native  that  pulled  down  the  top  management  scores. 

If  you  see  yourself  having  to  scale  up  across  multiple  servers  or 
even  multiple  disk  drives  in  the  same  server,  Exchange  2007  man¬ 
agement  will  begin  to  pay  off  very  quickly  by  centralizing  and  con¬ 
trolling  everything  from  a  single  console. 

—  JOEL  SNYDER,  NETWORK  WORLD  LAB  ALLIANCE 
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Mobile 

continued  from  page  1 

(1SE),  which  has  identified  a  range  of  mobile 
security  problems  “That’s  because  browsers  are 
pretty  complex  compared  to  most  programs 
on  a  smartphone.  Once  exploitation  occurs, 
the  remote  code  can  do  a  variety  of  things.” 

Browsers  make  requests  to  Web  sites,  down¬ 
loading  HTML  pages,  images,  PDF  files,  music 
and  video,  and  applications.  Depending  on 
how  the  browser  is  designed,  and  the  underly¬ 
ing  operating  system,  these  downloads  and  file 
executions  can  create  a  range  of  problems  — 
some  accidental,  some  intentional. Mobile  en¬ 
terprise  users  could  find  themselves  with  an  in¬ 
operative  handset,  or  compromised  corporate 
and  personal  data. 

One  growing  area  of  concern  is  Web  widgets, 
bits  of  downloadable  code  embedded  in  a 
Web  page.  They’re  growing  in  popularity  on 
handsets  because  they  offer  fast,  focused  ways 
to  send  or  retrieve  data,  without  having  to  go 
through  multiple  steps  with  a  mobile  browser. 
Many  of  the  programs  available  via  online 
application  stores. 

“They’re  great  because  you  can  certify  the 
application  [with  a  signed  digital  certificate] , 
but  the  widget’s  data  may  not  be  controlled,  or 
even  controllable,”  says  Norman  Woodward, 
senior  manager  for  wireless  at  Accenture’s 
mobile  communications  division. “You  can’t 
screen  the  data  before  it’s  downloaded.” 

A  desktop  example  of  the  potential  problems 
is  the  2008  “Secret  Crush”  Facebook  widget, 
which  purported  to  reveal  who  on  Facebook 
had  a  secret  crush  on  you  but  was  actually  lur¬ 
ing  you  to  download  an  adware  program. 

For  enterprise  security,  the  starting  point  is 
the  handheld’s  operating  system.  The  key 
issue  is  whether  the  operating  system  makes 
use  of  a  “sandbox”  architecture  for  the  appli¬ 
cations  it  runs.  In  effect,  each  application  gets 
to  “play”  in  a  separate  “space”  defined  by 
memory  and  permissions  in  the  operating 
system.  Its  activity  can’t  affect  other  applica¬ 
tions  or  access  other  parts  of  the  operating 
system. 

“Most  of  these  operating  systems  do  have  a 
sandbox  for  their  applications, ’’says  Dave  Field, 
device  management  and  security  architect 
with  Enterprise  Mobile,  a  Microsoft-backed 
company  that  specializes  in  enterprise  Win¬ 
dows  Mobile  deployments.  “With  a  sandbox, 
you  can  lock  down  the  execution  environment 
based  on  things  like  the  application  character¬ 
istics  and  limit  its  access  to  certain  configura¬ 
tion  settings,  APIs,  data  and  so  on.  You  put  a 
cage  around  the  application.” 

Taking  that  a  step  further,  ISE’s  Miller  says, 
some  mobile  operating  systems  have  a  non¬ 
executable  heap,  which  could  hinder  or  block 
the  execution  of  malicious  code. 

The  sandbox  coupled  with  execution  block¬ 
ing  are  features  exploited  by  Windows  Mobile, 
according  to  Field. “We  can  prevent  untrusted 
code  from  installing  at  all, unless  it’s  blessed’ by 
IT,”  he  says.“lt’s  like  inoculating  the  device.” 


The  Android  operating  system  for  mobile 
devices  is  built  on  the  Linux  kernel,  which  was 
developed  originally  for  mainframe-class  com¬ 
puters.  That  kernel  was  designed  to  separate 
multiple  simultaneous  users,  and  protect  them 
from  stepping  on  each  other’s  applications  and 
resources,  says  Rich  Cannings,  Android  secur¬ 
ity  engineer  at  Google.  What  Android  did,  in 
effect,  was  to  substitute  multiple  applications 
for  multiple  users, each  in  its  own  separate  user 
process. 

“On  the  desktops  browser  vulnerability  gives 
[malware]  access  to  the  full  desktop  machine,” 
Cannings  says.  “But  in  Android,  it  will  only 
affect  the  browser,  not  the  dialer  or  any  other 
application.” 

On  top  of  the  operating  system, browsers  can 
add  a  battery  of  built-in  protections  and  alerts. 
The  Mobile  Internet  Explorer  has  a  range  of 
security  zones,  and  alerts  users  when  they’re 
leaving  an  encrypted  SSL  session,  for  example. 
But  there’s  a  key  drawback  to  such  browser- 
based  features,  Field  notes:  “It  relies  on  the 
user’s  decision.” 

For  enterprise  customers,  Field  focuses  on 
identifying  what  security  elements  can  be  con¬ 
trolled  on  the  mobile  device,  and  then  auto¬ 
mating  their  configuration,  taking  those  deci¬ 
sions  away  from  fallible  or  careless  users. 

The  Android  browser’s  design  isolates  some 
types  of  vulnerability  For  example,  earlier  this 
year,  ISE’s  Miller  approached  the  Android  team 
with  a  suspected  browser  vulnerability:  a  mali¬ 
cious  MP3  file  that  potentially  could  execute 
code.  According  to  Cannings,  this  is  not  a 
browser  vulnerability  because  the  Android 
browser  hands  off  such  files  to  a  separate, sand¬ 
boxed  program  —  in  this  case  to  the  media 
player  that’s  part  of  the  Android  multimedia 
subsystem  developed  by  PacketVideo.  The 
malicious  MP3  file  “can  only  affect  what  the 
media  server  can  do  —  read  and  write  certain 
types  of  files,”  he  says. 

An  emerging  security  standard,  called  ex¬ 
tended  validation  certificates  for  SSL,  is  making 
its  way  into  desktop  and  slowly  into  mobile 
browsers, as  an  antiphishing  mechanism.These 
extended  certificates  provide  users  with  color- 
coded  alerts  to  confirm  that  an  SSL-protected 


Web  site  is  a  valid  site  or  a  known  or  possible 
phishing  site.  Microsoft’s  mobile  Internet  Ex¬ 
plorer  is  one  of  the  few  mobile  browsers  that 
support  this,  according  to  Miguel  Myhrer,  wire¬ 
less  network  lead  with  Accenture’s  mobile 
communications  division. 

Phishing  is  an  example  of  how  even  mobile 
browsers  with  well-designed  security  can  be 
subverted  careless  by  users.  Enterprises  can 
combine  effective  mobile  device  and  applica¬ 
tion  management  with  appropriate  mobile 
security  and  user  policies,  and  with  user  edu¬ 
cation  and  training. 

Increasingly  the  browser  may  become  one  of 
the  most  important  mobile  applications  to  be 
monitored,  configured  and  managed. 

“Device  management  gives  you  the  means  to 
diagnose,  interrogate  and  modify  settings  on  a 
handset,”  Accenture’s  Myhrer  says. 

Effective  device  management  means 
being  able  to  control  file  downloads,  to 
clear  device  caches,  sandbox  data,  deploy 
antivirus  packages,  enforce  mobile  VPN 
usage  and  so  on.  Tools  range  from  Micro¬ 
soft’s  System  Center  Mobile  Device  Manager 
2008,  to  Research  in  Motion’s  expanded 
management  features  in  the  upcoming 
BlackBerry  Enterprise  Server  5.0,  to  third- 
party  applications  from  Sybase  iAnywhere’s 
Afaria  as  well  as  from  F-Secure,  McAfee, 
Symantec, Tangoe  and  Trend  Micro. 

With  effective  device  management  in  place, 
“you  have  the  ability  to  apply  remotely  [soft¬ 
ware]  patches  and  updates  as  vulnerabilities 
are  identified,” says  Chris  Saint-Amanat,  mobile 
application  architect  with  Enterprise  Mobile. 
“And  you  have  the  ability  for  Internet  access  to 
be  proxied  via  VPN  to  the  enterprise  Web  proxy 
servers.”  An  advantage  with  Windows  Mobile 
6. 1 ,  he  says,  is  that  this  VPN  connection  is  active 
all  the  time.B 
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Mark  Gibbs 


am  writing  this  column  for  one  simple  rea- 
son:The  next  time  someone  says  to  me  “I 
don’t  get  Twitter,  it  seems  kinda  stoopid  to 
me.  What  is  it  all  about?”  I  can  direct  them  to 
this  polemic  and  save  my  breath. 
BACKSPIN  To  begin  with, Twitter  is  a  short  message  rout¬ 

ing  service  —  messages  are  limited  to  a  maxi¬ 
mum  of  140  characters  (and  not  160  as  Google 
CEO  Eric  Schmidt  claimed  at  the  recent 
Morgan  Stanley  technology  conference.)  This  length  restriction  makes 
“tweets”  (as  Twitter  messages  are  called)  equivalent  to  cell  phone 
“texts”  but  with  a  difference: Text  messages  are  essentially  one-to-one 
whereas  tweets  are  essentially  one-to-many 
Now  some  might  contend  that  Twitter’s  one-to-many  makes  it  equiva¬ 
lent  to  a  blogging  service  (some  call  this  microblogging),  but  not  so. 
The  core  of  social  networking  is  that  there’s  a  commons,  a  shared  area, 
wherein  people  communicate.  Normal  e-mail  has  no  commons.  Blogs 
have  a  localized  commons  and  there’s  usually  a  specific  focus  to  the 
hierarchical  discussion,  the  post’s  topic,  and  editorial  control  over  the 
thread. Twitter  has  a  global  commons  and  there’s  no  restriction  (other 
than  on  length)  to  what  is  posted  and  no  enforced  hierarchy 
Schmidt  also  claimed:“Speaking  as  a  computer  scientist,  1  view  all  of 
these  as  sort  of  poor  man’s  e-mail.”  Really?  That’s  like  saying  you  view  a 
motorcycle  as  a  poor  man’s  car. 

Here’s  the  way  to  view  these  different  forms  of  communications:  E- 
mail  is  like  person-to-person  phone  calls  while  blogs  are  like  lectures 
with  follow-up  questions  and  discussions.  But  social  media,  such  as 
Twitter,  are  like  a  cocktail  party 
So,  that’s  the  what,  now  the  why 

When  I  recently  asked  a  friend  why  he  doesn’t  use  Twitter  he  said, 


“Because  I  don’t  care  what  people  are  eating  for  lunch.”This  is  under¬ 
standable  because  you  can’t  “get’Twitter  until  you  explore  it. 

This  issue  of  “getting  it”  is  much  the  same  as  when  many  of  us  old 
timers  first  encountered  e-mail  (“Why  not  just  pick  up  the  phone?”)  or 
when  we  first  learned  about  texting  (“That’s  so  limited  and  so  labori¬ 
ous,  why  would  anyone  bother?”). 

It  is  only  from  actually  using  Twitter  that  you’ll  get  that“ah-ha” 
moment  and  realize  this  service  is  serious,  that  it  matters  and  that  it  is 
important  (many  think  it  already  is  a  more  important  form  of  commu¬ 
nication  than  blogging). 

I  could  explain,  at  length,  about  the  incredibly  useful  snippets  of 
information  that  people  pass  along  on  Twitter,  how  people  ask  for  and 
receive  help  from  each  other  as  well  as  from  companies  whose  prod¬ 
ucts  they  use,  how  companies  build  their  brands  and  acquire  new  cus¬ 
tomers  (did  you  know  Dell  made  $1  million  by  distributing  coupons 
via  Twitter  last  Christmas),  how  the  Los  Angeles  Fire  Department  used  it 
to  distribute  information  during  the  2007  wildfires,  and  how  new  ser¬ 
vices  such  as  BreakingNewsOn  have  transformed  news  gathering  and 
distribution,  but  1  really  don’t  have  enough  space  to  give  these  success 
stories  anything  other  than  a  brief  mention. 

Even  if  my  explanations  so  far  aren’t  enough  to  persuade  you  to  put 
some  serious  effort  into  “getting”Twitter”  just  consider  that  according  to 
a  blog  entry  on  Compete.com  in  February  this  year  Twitter  ranks  as  the 
third  largest  social  network  with  6  million  users  and  55  million  month¬ 
ly  visitors  (it  is  beaten  by  Facebook  and  MySpace,No.  1  and  No.  2). 

So,  given  that  so  many  people  already  “get’Twitter,  isn’t  it  about  time 
you  did  too? 

You  can  send  Gibbs  old-fashioned  e-mail  to  backspin@gibbs.com  or 
follow  him  on  Twitter  as  quistuipater. 
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Keeping  the  govt. 

The  Electronic  Frontier  Foundation  last 
week  took  the  wraps  off  a  new  Web  site 
that  is  designed  to  help  you  keep  the  gov¬ 
ernment  from  taking  the  wraps  off  your  per¬ 
sonal  communications  and  stored  data. 

And  here’s  a  prediction:  Someone’s  going  to 
call  it  a  threat  to  national  security  ...  Phooey 
From  the  site:“EFF  has  created  this 
Surveillance  Self-Defense  site  to  educate  the 
American  public  about  the  law  and  technolo¬ 
gy  of  government  surveillance  in  the  United  States,  providing  the  infor¬ 
mation  and  tools  necessary  to  evaluate  the  threat  of  surveillance  and 
take  appropriate  steps  to  defend  against  it. . . .  Surveillance  Self- 
Defense  exists  to  answer  two  main  questions:  What  can  the  govern¬ 
ment  legally  do  to  spy  on  your  computer  data  and  communications? 
And  what  can  you  legally  do  to  protect  yourself  against  such  spying?” 

Now  if  you’re  thinking  that  you  have  no  need  for  such  information 
because  you’re  not  doing  anything  wrong,  well,  you’re  right  in  the 
sense  that  this  site  is  not  meant  for  those  whose  faith  in  their  benevo¬ 
lent  government  remains  unshaken.  It’s  more  for  those  who  have  lived 
the  past  eight  years,  in  particular,  with  their  eyes  wide  open. 

The  site  addresses  surveillance  issues  as  they  relate  to  data  that  is  in 
transmission, stored  by  you,  or  in  the  hands  of  a  third  party  For  each 
data  state  there  are  sections  that  answer  “What  can  the  government 
do?”  and  “What  can  1  do  to  protect  myself?”They  get  into  subjects  such 
as  reasonable  expectations  of  privacy,  the  Fourth  Amendment, subpoe¬ 
nas,  search  warrants,  and  one  you  hope  not  to  need:  search  “incident 
to  lawful  arrest.” 

As  for  what  you  can  do  to  protect  yourself,  topics  include:  develop  a 
data  retention  and  destruction  policy;  master  the  basics  of  data  pro¬ 
tection;  learn  how  to  use  passwords  properly;  encrypt  your  data;  and 


’s  prying  eyes  at  bay 

protect  yourself  against  malware.  In  other  words,  the  kind  of  stuff  you 
do  every  day  but  your  less  tech-sawy  friends  may  not  understand. 

There  are  also  sections  about  the  government’s  recent  claims  to 
expanded  surveillance  authority,  as  well  as  one  about  “defensive  tech¬ 
nologies”  that  may  cause  a  stir  in  some  circles. 

The  site  is  well  organized,  easily  navigable  and  written  so  as  not  to 
scare  off  the  non-techies.There’s  a  legal  disclaimer  noting  that  “this 
guide  is  for  informational  purposes  only  and  does  not  constitute  legal 
advice.” 

Curiously  missing  is  any  sort  or  discussion  forum,  although  there  is  a 
form  for  asking  questions. 

I’ve  always  liked  that  the  EFF  is  an  action-oriented  advocacy  group 
—  witness  the  organization’s  highly  successful  Patent  Busting  Project. 
This  effort  fits  in  with  its  mission  quite  nicely  and  is  worth  a  look  ... 
even  if  you  have  nothing  to  hide. 

Depressing  question:  Is  this  optimistic  or  pessimistic? 

A  Harvard  professor  writing  last  week  in  the  Wall  Street  Journal 
pegged  the  chances  of  our  recession  morphing  into  a  full-blown 
depression  at  about  20%:“The  bottom  line  is  that  there  is  ample  rea¬ 
son  to  worry  about  slipping  into  a  depression. There  is  a  roughly  one- 
in-five  chance  that  U.S.GDP  and  consumption  will  fall  by  10%  or 
more,  something  not  seen  since  the  early  1930s.” 

Yes,  I  read  the  papers.  And, yes,  my  layman’s  grasp  of  the  macroeco¬ 
nomics  does  allow  me  to  understand  that  such  odds  are  reason  for 
alarm.  Nevertheless,  I  found  the  idea  that  there’s  an  80%  chance  we 
won’t  all  be  selling  apples  on  the  street  corner  somewhat  comforting. 

And  1  am  generally  the  pessimist’s  pessimist. 

Your  data  is  always  safe  with  me.  (Ha!)  The  address  is 
buzz@nww.com. 
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When  your  company  is  on  one  network ,  it  can  be  truly  flexible.  Expand,  move 

or  merge.  And  do  it  faster  on  a  single  IP  network.  Sprint  Converged  Solutions  lets  you  access  your 
voice,  video  and  data  instantly  on  one  network,  built  end-to-end  with  technologies  that  have  the 
Cisco  Quality  of  Service  certification.  So  you  have  the  flexibility  to  adapt  to  whatever  the  future  brings. 
Get  it  on  the  Now  Network .m  ,  . 
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Microsoft 


Mediterranean  Shipping  Company  has 
discovered  a  new  form  of  energy. 


Mediterranean  Shipping  Company  (MSC)  is  the  second-largest 
container  ship  line  in  the  world,  with  a  database  that  tracks  more 
than  210  billion  transactions  a  year.  The  company  recently  upgraded 
its  database  to  Microsoft"  SQL  Server"  2008,  not  only  to  handle  this 
massive  load,  but  also  to  simplify  MSC's  database  administration 
and  help  ensure  high  availability.  Which  is  like  a  new  form  of  energy 
for  MSC.  See  the  whole  story  at  SQLServerEnergy.com 

Microsoft 

S.  SQL  Server  2008 

snap  a  picture  of  this 
tag.  (Requires  a  free 
mobile  app  from 
http://gettag.mobi) 


To  get  the  full  MSC 
story  on  your  phone, 


